CVE-2015-5345
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
CVSS 3.1: 5.3 (MEDIUM)
EPSS 49.9%
Description
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
How to fix CVE-2015-5345
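To remediate CVE-2015-5345, upgrade the affected package to a fixed version below.
- Upgrade to 9.0.0.M2 or later

For the older branches, the description above gives the fixed releases as 6.0.45 (6.x), 7.0.68 (7.x) and 8.0.30 (8.x).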
Is CVE-2015-5345 being exploited?
Moderate — EPSS is 49.9%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 9.0.0.M1, < 9.0.0.M2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |