CVE-2015-5174
CVE-2015-5174
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.htmlhttp://marc.info/?l=bugtraq&m=145974991225029&w=2http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1435.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2045.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2599.htmlhttps://access.redhat.com/errata/RHSA-2016:1432https://access.redhat.com/errata/RHSA-2016:1433https://access.redhat.com/errata/RHSA-2016:1434