CVE-2015-5174 Information

Description

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html
http://rhn.redhat.com/errata/RHSA-2016-1435.html
http://rhn.redhat.com/errata/RHSA-2016-2045.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://seclists.org/bugtraq/2016/Feb/149
http://svn.apache.org/viewvc?view=revision&revision=1696281
http://svn.apache.org/viewvc?view=revision&revision=1696284
http://svn.apache.org/viewvc?view=revision&revision=1700897
http://svn.apache.org/viewvc?view=revision&revision=1700898
http://svn.apache.org/viewvc?view=revision&revision=1700900
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2016/dsa-3530
http://www.debian.org/security/2016/dsa-3552
http://www.debian.org/security/2016/dsa-3609
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.securityfocus.com/bid/83329
http://www.securitytracker.com/id/1035070
http://www.ubuntu.com/usn/USN-3024-1
https://access.redhat.com/errata/RHSA-2016:1432
https://access.redhat.com/errata/RHSA-2016:1433
https://access.redhat.com/errata/RHSA-2016:1434
https://bto.bluecoat.com/security-advisory/sa118
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20180531-0001/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

4.3

Base Severity

MEDIUM
