CVE-2015-5174 (GCVE-0-2015-5174)

Vulnerability from cvelistv5 – Published: 2016-02-25 01:00 – Updated: 2024-08-06 06:41
VLAI
Summary
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Severity
4.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • n/a
Assigner
References
URL Tags
https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
https://security.gentoo.org/glsa/201705-09 vendor-advisoryx_refsource_GENTOO
http://svn.apache.org/viewvc?view=revision&revisi… x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-3024-1 vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-2045.html vendor-advisoryx_refsource_REDHAT
http://www.debian.org/security/2016/dsa-3530 vendor-advisoryx_refsource_DEBIAN
http://tomcat.apache.org/security-7.html x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=145974991225029&w=2 vendor-advisoryx_refsource_HP
http://svn.apache.org/viewvc?view=revision&revisi… x_refsource_CONFIRM
http://tomcat.apache.org/security-8.html x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1434 vendor-advisoryx_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revisi… x_refsource_CONFIRM
http://www.securitytracker.com/id/1035070 vdb-entryx_refsource_SECTRACK
https://bto.bluecoat.com/security-advisory/sa118 x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2016:1433 vendor-advisoryx_refsource_REDHAT
https://security.netapp.com/advisory/ntap-2018053… x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/83329 vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2016:1432 vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-2599.html vendor-advisoryx_refsource_REDHAT
http://seclists.org/bugtraq/2016/Feb/149 mailing-listx_refsource_BUGTRAQ
http://www.debian.org/security/2016/dsa-3609 vendor-advisoryx_refsource_DEBIAN
http://packetstormsecurity.com/files/135883/Apach… x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://svn.apache.org/viewvc?view=revision&revisi… x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revisi… x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-1435.html vendor-advisoryx_refsource_REDHAT
https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3552 vendor-advisoryx_refsource_DEBIAN
https://lists.apache.org/thread.html/b8a1bf18155b… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd586… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd4863c79bf7… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0b24f2c7507… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r15695e6203b… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r409efdf706c… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r1c62634b742… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e… mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1… mailing-listx_refsource_MLIST
Date Public
2016-02-22 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:41:07.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "GLSA-201705-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201705-09"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700900"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "openSUSE-SU-2016:0865",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"
          },
          {
            "name": "USN-3024-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3024-1"
          },
          {
            "name": "SUSE-SU-2016:0769",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"
          },
          {
            "name": "RHSA-2016:2045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
          },
          {
            "name": "DSA-3530",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "HPSBUX03561",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145974991225029\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696284"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "name": "RHSA-2016:1434",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1434"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700898"
          },
          {
            "name": "1035070",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035070"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa118"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"
          },
          {
            "name": "RHSA-2016:1433",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1433"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180531-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "name": "83329",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83329"
          },
          {
            "name": "RHSA-2016:1432",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1432"
          },
          {
            "name": "SUSE-SU-2016:0822",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"
          },
          {
            "name": "RHSA-2016:2599",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
          },
          {
            "name": "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Feb/149"
          },
          {
            "name": "DSA-3609",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3609"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html"
          },
          {
            "name": "SUSE-SU-2016:0839",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696281"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700897"
          },
          {
            "name": "RHSA-2016:1435",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"
          },
          {
            "name": "DSA-3552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3552"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200130 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200130 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200131 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:09:39.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "name": "GLSA-201705-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201705-09"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700900"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "openSUSE-SU-2016:0865",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"
        },
        {
          "name": "USN-3024-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3024-1"
        },
        {
          "name": "SUSE-SU-2016:0769",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"
        },
        {
          "name": "RHSA-2016:2045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
        },
        {
          "name": "DSA-3530",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html"
        },
        {
          "name": "HPSBUX03561",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145974991225029\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696284"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-8.html"
        },
        {
          "name": "RHSA-2016:1434",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1434"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700898"
        },
        {
          "name": "1035070",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035070"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa118"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"
        },
        {
          "name": "RHSA-2016:1433",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1433"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180531-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "name": "83329",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/83329"
        },
        {
          "name": "RHSA-2016:1432",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1432"
        },
        {
          "name": "SUSE-SU-2016:0822",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"
        },
        {
          "name": "RHSA-2016:2599",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
        },
        {
          "name": "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Feb/149"
        },
        {
          "name": "DSA-3609",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3609"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html"
        },
        {
          "name": "SUSE-SU-2016:0839",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696281"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700897"
        },
        {
          "name": "RHSA-2016:1435",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"
        },
        {
          "name": "DSA-3552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3552"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200130 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200130 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200131 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-5174",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "GLSA-201705-09",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201705-09"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700900",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700900"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "openSUSE-SU-2016:0865",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"
            },
            {
              "name": "USN-3024-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3024-1"
            },
            {
              "name": "SUSE-SU-2016:0769",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"
            },
            {
              "name": "RHSA-2016:2045",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
            },
            {
              "name": "DSA-3530",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3530"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-7.html"
            },
            {
              "name": "HPSBUX03561",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=145974991225029\u0026w=2"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696284",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696284"
            },
            {
              "name": "http://tomcat.apache.org/security-8.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-8.html"
            },
            {
              "name": "RHSA-2016:1434",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1434"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700898",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700898"
            },
            {
              "name": "1035070",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035070"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa118",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa118"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"
            },
            {
              "name": "RHSA-2016:1433",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1433"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180531-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180531-0001/"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "83329",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/83329"
            },
            {
              "name": "RHSA-2016:1432",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1432"
            },
            {
              "name": "SUSE-SU-2016:0822",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"
            },
            {
              "name": "RHSA-2016:2599",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
            },
            {
              "name": "20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2016/Feb/149"
            },
            {
              "name": "DSA-3609",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3609"
            },
            {
              "name": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html"
            },
            {
              "name": "SUSE-SU-2016:0839",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696281",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1696281"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700897",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1700897"
            },
            {
              "name": "RHSA-2016:1435",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1435.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"
            },
            {
              "name": "DSA-3552",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3552"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200130 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200130 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200131 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200203 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20200204 Re: 7.0.59 to 7.0.99 upgrade, CVE-2015-5174 fix prevents us from accessing resources outside context",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-5174",
    "datePublished": "2016-02-25T01:00:00.000Z",
    "dateReserved": "2015-07-01T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:41:07.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-5174",
      "date": "2026-06-05",
      "epss": "0.04801",
      "percentile": "0.89691"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49E3C039-A949-4F1B-892A-57147EECB249\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A354C34-A3FE-4B8A-9985-8874A0634BC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F28C7801-41B9-4552-BA1E-577967BCBBEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFE300CC-FD4A-444E-8506-E5E269D0A0A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25B21085-7259-4685-9D1F-FF98E6489E10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"F50A3EC9-516E-48A7-839B-A73F491B5B9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAC2FC75-97D2-4EA1-A1A0-F592A6D7C1F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D903956B-14F5-4177-AF12-0A5F1846D3C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2823789C-2CB6-4300-94DB-BDBE83ABA8E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31B3593F-CEDF-423C-90F8-F88EED87DC3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE7862B2-E1FA-4E16-92CD-8918AB461D9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9E03BE3-60CC-4415-B993-D0BB00F87A30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48E5E8C3-21AD-4230-B945-AB7DE66307B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4945C8C1-C71B-448B-9075-07C6C92599CF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED4730B0-2E09-408B-AFD4-FE00F73700FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8DE8A8A-7643-4292-BCC1-758AE0940207\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E9B54FCD-CF7C-47E2-8513-40419E47AF49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D87EFB6D-B626-469F-907C-40C771A55833\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6330B97B-8FC5-4D7E-A960-5D94EDD0C378\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A0B2FA4-772E-4B23-8B3F-CC86515E4226\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"33E9607B-4D28-460D-896B-E4B7FA22441E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"81A31CA0-A209-4C49-AA06-C38E165E5B68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AA563BF-A67A-477D-956A-167ABEF885C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F1B937B-57E0-4E88-9E39-39012A924525\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8980E61E-27BE-4858-82B3-C0E8128AF521\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F74A421-D019-4248-84B8-C70D4D9A8A95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"305688F2-50A6-41FB-8614-BC589DB9A789\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25966344-15D5-4101-9346-B06BFD2DFFF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D4F710E-06EA-48F4-AC6A-6F143950F015\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C4936C2-0B2D-4C44-98C3-443090965F5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48453405-2319-4327-9F4C-6F70B49452C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4670E65-2E11-49A4-B661-57C2F60D411F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31002A23-4788-4BC7-AE11-A3C2AA31716D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7144EDDF-8265-4642-8EEB-ED52527E0A26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF06B5C1-B9DD-4673-A101-56E1E593ACDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D731065-626B-4425-8E49-F708DD457824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3D850EA-E537-42C8-93B9-96E15CB26747\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E037DA05-2BEF-4F64-B8BB-307247B6A05C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D395D95B-1F4A-420E-A0F6-609360AF7B69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BD221BA-0AB6-4972-8AD9-5D37AC07762F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E55B6565-96CB-4F6A-9A80-C3FB82F30546\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3300AFE-49A4-4904-B9A0-5679F09FA01E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C6109D1-BC36-40C5-A02A-7AEBC949BAC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA8A7333-B4C3-4876-AE01-62F2FD315504\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92993E23-D805-407B-8B87-11CEEE8B212F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C947E549-2459-4AFB-84A7-36BDA30B5F29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D55DF79-F9BE-4907-A4D8-96C4B11189ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14AB5787-82D7-4F78-BE93-4556AB7A7D0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8E9453E-BC9B-4F77-85FA-BA15AC55C245\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7EF0518-73F9-47DB-8946-A8334936BEFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95AA8778-7833-4572-A71B-5FD89938CE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"242E47CE-EF69-4F8F-AB40-5AF2811674CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDA1555C-E55A-4E14-B786-BFEE3F09220B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8075E9A-DA7F-4A0B-8B4D-0CD951369111\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"335A5320-6086-4B45-9903-82F6F92A584F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46B33408-C2E2-4E7C-9334-6AB98F13468C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F036676-9EFB-4A92-828E-A38905D594E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4752862B-7D26-4285-B8A0-CF082C758353\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*\", \"matchCriteriaId\": \"58EA7199-3373-4F97-9907-3A479A02155E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F963D737-2E95-4D7C-92C7-DACF3F36D1E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BBBC5EA-012C-4C5D-A61B-BAF134B300DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A358FDF-C249-4D7A-9445-8B9E7D9D40AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"701424A2-BB06-44B5-B468-7164E4F95529\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BA6388C-5B6E-4651-8AE3-EBCCF61C27E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F9A5B7E-33A9-4651-9BE1-371A0064B661\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F99252E8-A59C-48E1-B251-718D7FB3E399\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E0DDEF6-A8EE-46C4-A046-A1F26E7C4E87\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14B38892-9C00-4510-B7BA-F2A8F2CACCAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7409B064-D43E-489E-AEC6-0A767FB21737\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F019268F-80C4-48FE-8164-E9DA0A3BAFF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EFBD214-FCFE-4F04-A903-66EFDA764B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"425D86B3-6BB9-410D-8125-F7CF87290AD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EE3BB0D-1002-41E4-9BE8-875D97330057\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6622472B-8644-4D45-A54B-A215C3D64B83\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E88A537F-F4D0-46B9-9E37-965233C2A355\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en RequestUtil.java en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.65 y 8.x en versiones anteriores a 8.0.27 permite a usuarios remotos autenticados eludir las restricciones de SecurityManager destinadas y listar un directorio padre a trav\\u00e9s de un /.. (barra punto punto) en un nombre de ruta utilizado por una aplicaci\\u00f3n web en una llamada getResource, getResourceAsStream o getResourcePaths, seg\\u00fan lo demostrado por el directorio $CATALINA_BASE/webapps.\"}]",
      "id": "CVE-2015-5174",
      "lastModified": "2024-11-21T02:32:29.977",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-02-25T01:59:00.120",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=145974991225029\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1435.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2045.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2599.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/bugtraq/2016/Feb/149\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1696281\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1696284\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1700897\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1700898\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1700900\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://tomcat.apache.org/security-6.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tomcat.apache.org/security-7.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tomcat.apache.org/security-8.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3530\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3552\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3609\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/83329\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1035070\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-3024-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1432\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1433\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1434\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa118\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201705-09\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180531-0001/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=145974991225029\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-1435.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2045.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2016-2599.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/bugtraq/2016/Feb/149\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1696281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1696284\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1700897\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1700898\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1700900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tomcat.apache.org/security-6.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tomcat.apache.org/security-7.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tomcat.apache.org/security-8.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2016/dsa-3530\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2016/dsa-3609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/83329\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035070\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-3024-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1432\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1433\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2016:1434\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201705-09\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180531-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-5174\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-02-25T01:59:00.120\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en RequestUtil.java en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.65 y 8.x en versiones anteriores a 8.0.27 permite a usuarios remotos autenticados eludir las restricciones de SecurityManager destinadas y listar un directorio padre a trav\u00e9s de un /.. (barra punto punto) en un nombre de ruta utilizado por una aplicaci\u00f3n web en una llamada getResource, getResourceAsStream o getResourcePaths, seg\u00fan lo demostrado por el directorio $CATALINA_BASE/webapps.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A354C34-A3FE-4B8A-9985-8874A0634BC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE300CC-FD4A-444E-8506-E5E269D0A0A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"F50A3EC9-516E-48A7-839B-A73F491B5B9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C28F09D-5CAA-4CA7-A2B5-3B2820F5F409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC2FC75-97D2-4EA1-A1A0-F592A6D7C1F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8802B2-57E0-4AA6-BC8E-00DE60468569\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4C9BCF-9C73-4991-B02F-E08C5DA06EBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2823789C-2CB6-4300-94DB-BDBE83ABA8E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5416C76-46ED-4CB1-A7F8-F24EA16DE7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31B3593F-CEDF-423C-90F8-F88EED87DC3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7862B2-E1FA-4E16-92CD-8918AB461D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9E03BE3-60CC-4415-B993-D0BB00F87A30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E5E8C3-21AD-4230-B945-AB7DE66307B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4945C8C1-C71B-448B-9075-07C6C92599CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED4730B0-2E09-408B-AFD4-FE00F73700FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8DE8A8A-7643-4292-BCC1-758AE0940207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9B54FCD-CF7C-47E2-8513-40419E47AF49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D87EFB6D-B626-469F-907C-40C771A55833\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6330B97B-8FC5-4D7E-A960-5D94EDD0C378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A0B2FA4-772E-4B23-8B3F-CC86515E4226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"81A31CA0-A209-4C49-AA06-C38E165E5B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AA563BF-A67A-477D-956A-167ABEF885C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F1B937B-57E0-4E88-9E39-39012A924525\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"305688F2-50A6-41FB-8614-BC589DB9A789\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25966344-15D5-4101-9346-B06BFD2DFFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D4F710E-06EA-48F4-AC6A-6F143950F015\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C4936C2-0B2D-4C44-98C3-443090965F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48453405-2319-4327-9F4C-6F70B49452C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49DD9544-6424-41A6-AEC0-EC19B8A10E71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4670E65-2E11-49A4-B661-57C2F60D411F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31002A23-4788-4BC7-AE11-A3C2AA31716D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7144EDDF-8265-4642-8EEB-ED52527E0A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF06B5C1-B9DD-4673-A101-56E1E593ACDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D731065-626B-4425-8E49-F708DD457824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3D850EA-E537-42C8-93B9-96E15CB26747\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E037DA05-2BEF-4F64-B8BB-307247B6A05C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D395D95B-1F4A-420E-A0F6-609360AF7B69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BD221BA-0AB6-4972-8AD9-5D37AC07762F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55B6565-96CB-4F6A-9A80-C3FB82F30546\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3300AFE-49A4-4904-B9A0-5679F09FA01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD93669-1B30-4BF8-AD7D-F60DD8D63CC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8C8C97F-6C9D-4647-AB8A-ADAA5536DDE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C6109D1-BC36-40C5-A02A-7AEBC949BAC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA8A7333-B4C3-4876-AE01-62F2FD315504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92993E23-D805-407B-8B87-11CEEE8B212F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AA28D3A-3EE5-4F90-B8F5-4943F7607DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C947E549-2459-4AFB-84A7-36BDA30B5F29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D55DF79-F9BE-4907-A4D8-96C4B11189ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14AB5787-82D7-4F78-BE93-4556AB7A7D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8E9453E-BC9B-4F77-85FA-BA15AC55C245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7EF0518-73F9-47DB-8946-A8334936BEFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95AA8778-7833-4572-A71B-5FD89938CE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"242E47CE-EF69-4F8F-AB40-5AF2811674CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA1555C-E55A-4E14-B786-BFEE3F09220B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8075E9A-DA7F-4A0B-8B4D-0CD951369111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"335A5320-6086-4B45-9903-82F6F92A584F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46B33408-C2E2-4E7C-9334-6AB98F13468C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F036676-9EFB-4A92-828E-A38905D594E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4752862B-7D26-4285-B8A0-CF082C758353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*\",\"matchCriteriaId\":\"58EA7199-3373-4F97-9907-3A479A02155E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F963D737-2E95-4D7C-92C7-DACF3F36D1E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BBBC5EA-012C-4C5D-A61B-BAF134B300DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A358FDF-C249-4D7A-9445-8B9E7D9D40AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"701424A2-BB06-44B5-B468-7164E4F95529\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BA6388C-5B6E-4651-8AE3-EBCCF61C27E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F9A5B7E-33A9-4651-9BE1-371A0064B661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F99252E8-A59C-48E1-B251-718D7FB3E399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E0DDEF6-A8EE-46C4-A046-A1F26E7C4E87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14B38892-9C00-4510-B7BA-F2A8F2CACCAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7409B064-D43E-489E-AEC6-0A767FB21737\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F019268F-80C4-48FE-8164-E9DA0A3BAFF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EFBD214-FCFE-4F04-A903-66EFDA764B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"425D86B3-6BB9-410D-8125-F7CF87290AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE3BB0D-1002-41E4-9BE8-875D97330057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6622472B-8644-4D45-A54B-A215C3D64B83\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E88A537F-F4D0-46B9-9E37-965233C2A355\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=145974991225029\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1435.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2045.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2599.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/bugtraq/2016/Feb/149\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1696281\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1696284\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1700897\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1700898\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1700900\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3530\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3552\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3609\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/83329\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1035070\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3024-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1432\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1433\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1434\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa118\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201705-09\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180531-0001/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=145974991225029\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-1435.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2016-2599.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/bugtraq/2016/Feb/149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1696281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1696284\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1700897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1700898\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1700900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-8.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2016/dsa-3530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2016/dsa-3609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/83329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035070\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-3024-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1433\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2016:1434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0b24f2c7507f702348e2c2d64e8a5de72bad6173658e8d8e45322ac2%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r15695e6203b026c9e9070ca9fa95fb17dd4cd88e5342a7dc5e1e7b85%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1c62634b7426bee5f553307063457b99c84af73b078ede4f2592b34e%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r409efdf706c2077ae5c37018a87da725a3ca89570a9530342cdc53e4%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd4863c79bf729aabb95571fd845a9ea4ee3ae3fcee48f35aba007350%40%3Cusers.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201705-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180531-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.