CVE-2015-5174 - Vulnerability Details

- tomcat: URL Normalization issue

Description

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Published: 2016-02-25

Score: 4.3 Medium

EPSS: 4.8% Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
	cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
	cpe:2.3:a:apache:tomcat:6.0.1:::::::*
	cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
	cpe:2.3:a:apache:tomcat:6.0.2:::::::*
	cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
	cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
	cpe:2.3:a:apache:tomcat:6.0.4:::::::*
	cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
	cpe:2.3:a:apache:tomcat:6.0.10:::::::*
	cpe:2.3:a:apache:tomcat:6.0.11:::::::*
	cpe:2.3:a:apache:tomcat:6.0.13:::::::*
	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
	cpe:2.3:a:apache:tomcat:6.0.16:::::::*
	cpe:2.3:a:apache:tomcat:6.0.18:::::::*
	cpe:2.3:a:apache:tomcat:6.0.20:::::::*
	cpe:2.3:a:apache:tomcat:6.0.24:::::::*
	cpe:2.3:a:apache:tomcat:6.0.26:::::::*
	cpe:2.3:a:apache:tomcat:6.0.28:::::::*
	cpe:2.3:a:apache:tomcat:6.0.29:::::::*
	cpe:2.3:a:apache:tomcat:6.0.30:::::::*
	cpe:2.3:a:apache:tomcat:6.0.32:::::::*
	cpe:2.3:a:apache:tomcat:6.0.33:::::::*
	cpe:2.3:a:apache:tomcat:6.0.35:::::::*
	cpe:2.3:a:apache:tomcat:6.0.36:::::::*
	cpe:2.3:a:apache:tomcat:6.0.37:::::::*
	cpe:2.3:a:apache:tomcat:6.0.39:::::::*
	cpe:2.3:a:apache:tomcat:6.0.41:::::::*
	cpe:2.3:a:apache:tomcat:6.0.43:::::::*
	cpe:2.3:a:apache:tomcat:6.0.44:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.5:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.6:::::::*
	cpe:2.3:a:apache:tomcat:7.0.10:::::::*
	cpe:2.3:a:apache:tomcat:7.0.11:::::::*
	cpe:2.3:a:apache:tomcat:7.0.12:::::::*
	cpe:2.3:a:apache:tomcat:7.0.14:::::::*
	cpe:2.3:a:apache:tomcat:7.0.16:::::::*
	cpe:2.3:a:apache:tomcat:7.0.19:::::::*
	cpe:2.3:a:apache:tomcat:7.0.20:::::::*
	cpe:2.3:a:apache:tomcat:7.0.21:::::::*
	cpe:2.3:a:apache:tomcat:7.0.22:::::::*
	cpe:2.3:a:apache:tomcat:7.0.23:::::::*
	cpe:2.3:a:apache:tomcat:7.0.25:::::::*
	cpe:2.3:a:apache:tomcat:7.0.26:::::::*
	cpe:2.3:a:apache:tomcat:7.0.27:::::::*
	cpe:2.3:a:apache:tomcat:7.0.28:::::::*
	cpe:2.3:a:apache:tomcat:7.0.29:::::::*
	cpe:2.3:a:apache:tomcat:7.0.30:::::::*
	cpe:2.3:a:apache:tomcat:7.0.32:::::::*
	cpe:2.3:a:apache:tomcat:7.0.33:::::::*
	cpe:2.3:a:apache:tomcat:7.0.34:::::::*
	cpe:2.3:a:apache:tomcat:7.0.35:::::::*
	cpe:2.3:a:apache:tomcat:7.0.37:::::::*
	cpe:2.3:a:apache:tomcat:7.0.39:::::::*
	cpe:2.3:a:apache:tomcat:7.0.40:::::::*
	cpe:2.3:a:apache:tomcat:7.0.41:::::::*
	cpe:2.3:a:apache:tomcat:7.0.42:::::::*
	cpe:2.3:a:apache:tomcat:7.0.47:::::::*
	cpe:2.3:a:apache:tomcat:7.0.50:::::::*
	cpe:2.3:a:apache:tomcat:7.0.52:::::::*
	cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
tomcat6-0:6.0.24-98.el6_8	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:2045	2016-10-10T00:00:00Z
Red Hat Enterprise Linux 7
tomcat-0:7.0.69-10.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:2599	2016-11-03T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4
	cpe:/a:redhat:jboss_enterprise_application_platform:6.4	RHSA-2016:1435	2016-07-18T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6
jboss-ec2-eap-0:7.5.9-2.Final_redhat_2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1432	2016-07-18T00:00:00Z
apache-cxf-0:2.7.18-2.SP1_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
glassfish-jsf-eap6-0:2.1.28-11.SP10_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
hibernate4-validator-0:4.3.3-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
hornetq-0:2.3.25-13.SP11_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-bundles-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-cli-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-client-all-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-clustering-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-cmp-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-connector-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-controller-client-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-core-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-core-security-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-deployment-repository-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-deployment-scanner-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-domain-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-domain-http-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-domain-management-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-ee-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-ee-deployment-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-ejb3-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-embedded-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-host-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jacorb-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-javadocs-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jaxr-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jaxrs-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jdr-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jpa-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jsf-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-jsr77-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-logging-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-mail-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-management-client-content-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-messaging-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-modcluster-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-modules-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-naming-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-network-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-osgi-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-osgi-service-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-picketlink-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-platform-mbean-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-pojo-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-process-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-product-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-protocol-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-remoting-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-sar-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-security-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-server-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-standalone-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-system-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-threads-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-transactions-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-version-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-web-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-webservices-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossas-welcome-content-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-weld-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-as-xts-0:7.5.9-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-jsf-api_2.1_spec-0:2.1.28-6.SP2_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jboss-msc-0:1.1.6-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossts-1:4.17.34-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
jbossweb-0:7.5.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
picketlink-bindings-0:2.5.4-11.SP9_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
picketlink-federation-0:2.5.4-11.SP9_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
xalan-j2-eap6-0:2.7.1-11.redhat_11.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2016:1433	2016-07-18T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7
apache-cxf-0:2.7.18-2.SP1_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
glassfish-jsf-eap6-0:2.1.28-11.SP10_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
hibernate4-validator-0:4.3.3-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
hornetq-0:2.3.25-13.SP11_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-appclient-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-bundles-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-cli-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-client-all-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-clustering-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-cmp-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-connector-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-controller-client-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-core-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-core-security-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-deployment-repository-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-deployment-scanner-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-domain-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-domain-http-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-domain-management-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-ee-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-ee-deployment-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-ejb3-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-embedded-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-host-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jacorb-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-javadocs-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jaxr-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jaxrs-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jdr-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jpa-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jsf-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-jsr77-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-logging-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-mail-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-management-client-content-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-messaging-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-modcluster-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-modules-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-naming-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-network-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-osgi-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-osgi-configadmin-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-osgi-service-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-picketlink-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-platform-mbean-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-pojo-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-process-controller-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-product-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-protocol-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-remoting-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-sar-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-security-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-server-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-standalone-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-system-jmx-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-threads-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-transactions-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-version-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-web-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-webservices-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossas-welcome-content-eap-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-weld-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-as-xts-0:7.5.9-2.Final_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-jsf-api_2.1_spec-0:2.1.28-6.SP2_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jboss-msc-0:1.1.6-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossts-1:4.17.34-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
jbossweb-0:7.5.17-1.Final_redhat_1.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
picketlink-bindings-0:2.5.4-11.SP9_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
picketlink-federation-0:2.5.4-11.SP9_redhat_2.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
xalan-j2-eap6-0:2.7.1-11.redhat_11.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_application_platform:6::el7	RHSA-2016:1434	2016-07-18T00:00:00Z
Red Hat JBoss Enterprise Web Server 2 for RHEL 5
tomcat7-0:7.0.54-21_patch_05.ep6.el5	cpe:/a:redhat:jboss_enterprise_web_server:2::el5	RHBA-2016:0090	2016-01-29T00:00:00Z
Red Hat JBoss Enterprise Web Server 2 for RHEL 6
tomcat7-0:7.0.54-21_patch_05.ep6.el6	cpe:/a:redhat:jboss_enterprise_web_server:2::el6	RHBA-2016:0090	2016-01-29T00:00:00Z
Red Hat JBoss Enterprise Web Server 2 for RHEL 7
tomcat7-0:7.0.54-21_patch_05.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:2::el7	RHBA-2016:0090	2016-01-29T00:00:00Z
Red Hat JBoss Web Server 3.0
	cpe:/a:redhat:jboss_enterprise_web_server:3.0	RHSA-2015:2661	2015-12-16T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 6
apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6	RHSA-2015:2659	2015-12-16T00:00:00Z
httpd24-0:2.4.6-59.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6	RHSA-2015:2659	2015-12-16T00:00:00Z
mod_bmx-0:0.9.5-7.GA.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6	RHSA-2015:2659	2015-12-16T00:00:00Z
mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6	RHSA-2015:2659	2015-12-16T00:00:00Z
tomcat7-0:7.0.59-42_patch_01.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6	RHSA-2015:2659	2015-12-16T00:00:00Z
tomcat8-0:8.0.18-52_patch_01.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6	RHSA-2015:2659	2015-12-16T00:00:00Z
tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el6	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el6	RHSA-2015:2659	2015-12-16T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7	RHSA-2015:2660	2015-12-16T00:00:00Z
httpd24-0:2.4.6-59.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7	RHSA-2015:2660	2015-12-16T00:00:00Z
mod_bmx-0:0.9.5-7.GA.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7	RHSA-2015:2660	2015-12-16T00:00:00Z
mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7	RHSA-2015:2660	2015-12-16T00:00:00Z
tomcat7-0:7.0.59-42_patch_01.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7	RHSA-2015:2660	2015-12-16T00:00:00Z
tomcat8-0:8.0.18-52_patch_01.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7	RHSA-2015:2660	2015-12-16T00:00:00Z
tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.0::el7	RHSA-2015:2660	2015-12-16T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-435-1	tomcat6 security update
Debian DSA	DSA-3530-1	tomcat6 security update
Debian DSA	DSA-3552-1	tomcat7 security update
Debian DSA	DSA-3609-1	tomcat8 security update
EUVD	EUVD-2022-2849	Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Github GHSA	GHSA-6qr6-x7jm-x2q6	Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Ubuntu USN	USN-3024-1	Tomcat vulnerabilities

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.04801.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html
http://rhn.redhat.com/errata/RHSA-2016-1435.html
http://rhn.redhat.com/errata/RHSA-2016-2045.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://seclists.org/bugtraq/2016/Feb/149
http://svn.apache.org/viewvc?view=revision&revision=1696281
http://svn.apache.org/viewvc?view=revision&revision=1696284
http://svn.apache.org/viewvc?view=revision&revision=1700897
http://svn.apache.org/viewvc?view=revision&revision=1700898
http://svn.apache.org/viewvc?view=revision&revision=1700900
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2016/dsa-3530
http://www.debian.org/security/2016/dsa-3552
http://www.debian.org/security/2016/dsa-3609
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/83329
http://www.securitytracker.com/id/1035070
http://www.ubuntu.com/usn/USN-3024-1
https://access.redhat.com/errata/RHSA-2016:1432
https://access.redhat.com/errata/RHSA-2016:1433
https://access.redhat.com/errata/RHSA-2016:1434
https://bto.bluecoat.com/security-advisory/sa118
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2015-5174
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20180531-0001/
https://www.cve.org/CVERecord?id=CVE-2015-5174

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00693}`	epss `{'score': 0.0093}`

Subscriptions

Apache Tomcat

Canonical Ubuntu Linux

Debian Debian Linux

Redhat Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Server

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-02-25T01:00:00.000Z

Updated: 2024-08-06T06:41:07.953Z

Reserved: 2015-07-01T00:00:00.000Z

Link: CVE-2015-5174

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-02-25T01:59:00.120

Modified: 2026-05-06T22:30:45.220

Link: CVE-2015-5174

Redhat

Severity : Low

Publid Date: 2016-02-22T00:00:00Z

Links: CVE-2015-5174 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object