CVE-2015-5345

Priority
Description
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68,
8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before
considering security constraints and Filters, which allows remote attackers
to determine the existence of a directory via a URL that lacks a trailing /
(slash) character.
Ubuntu-Description
It was discovered that the Tomcat mapper component incorrectly handled
redirects. A remote attacker could use this issue to determine the
existence of a directory.
Package
Upstream: released (6.0.45)
Ubuntu 12.04 ESM (Precise Pangolin): released (6.0.35-1ubuntu3.7)
Ubuntu 14.04 ESM (Trusty Tahr): released (6.0.39-1ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): released (6.0.45+dfsg-1)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1715216
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1717216
Package
Upstream: released (7.0.68-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): released (7.0.52-1ubuntu0.6)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.68-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (7.0.68-1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1715213
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1717212
Package
Upstream: released (8.0.30-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (8.0.32-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (8.0.32-1ubuntu1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1715207
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1717209
Package
Upstream: released (9.0.0.M3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (9.0.16-3~18.04.1)

Updated: 2020-09-10 04:47:17 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)