CVE
- Id: 82451
- CVE No.: CVE-2015-5174
- Status: Candidate
- Description: Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
- Phase: Assigned (20150701)
- Votes: None (candidate not yet proposed)
- Comments
Related CVE References
Id | CVE Id | CVE No. | Reference |
---|---|---|---|
738570 | 82451 | CVE-2015-5174 | BUGTRAQ:20160222 [SECURITY] CVE-2015-5174 Apache Tomcat Limited Directory Traversal |
738571 | 82451 | CVE-2015-5174 | URL:http://seclists.org/bugtraq/2016/Feb/149 |
738572 | 82451 | CVE-2015-5174 | MISC:http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html |
738573 | 82451 | CVE-2015-5174 | CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1696281 |
738574 | 82451 | CVE-2015-5174 | CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1696284 |
738575 | 82451 | CVE-2015-5174 | CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1700897 |
738576 | 82451 | CVE-2015-5174 | CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1700898 |
738577 | 82451 | CVE-2015-5174 | CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1700900 |
738578 | 82451 | CVE-2015-5174 | CONFIRM:http://tomcat.apache.org/security-6.html |
738579 | 82451 | CVE-2015-5174 | CONFIRM:http://tomcat.apache.org/security-7.html |
738580 | 82451 | CVE-2015-5174 | CONFIRM:http://tomcat.apache.org/security-8.html |
738581 | 82451 | CVE-2015-5174 | CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442 |
738582 | 82451 | CVE-2015-5174 | CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626 |
738583 | 82451 | CVE-2015-5174 | CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964 |
738584 | 82451 | CVE-2015-5174 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html |
738585 | 82451 | CVE-2015-5174 | CONFIRM:https://bto.bluecoat.com/security-advisory/sa118 |
738586 | 82451 | CVE-2015-5174 | DEBIAN:DSA-3530 |
738587 | 82451 | CVE-2015-5174 | URL:http://www.debian.org/security/2016/dsa-3530 |
738588 | 82451 | CVE-2015-5174 | DEBIAN:DSA-3609 |
738589 | 82451 | CVE-2015-5174 | URL:http://www.debian.org/security/2016/dsa-3609 |
738590 | 82451 | CVE-2015-5174 | DEBIAN:DSA-3552 |
738591 | 82451 | CVE-2015-5174 | URL:http://www.debian.org/security/2016/dsa-3552 |
738592 | 82451 | CVE-2015-5174 | HP:HPSBUX03561 |
738593 | 82451 | CVE-2015-5174 | URL:http://marc.info/?l=bugtraq&m=145974991225029&w=2 |
738594 | 82451 | CVE-2015-5174 | REDHAT:RHSA-2016:1433 |
738595 | 82451 | CVE-2015-5174 | URL:https://access.redhat.com/errata/RHSA-2016:1433 |
738596 | 82451 | CVE-2015-5174 | REDHAT:RHSA-2016:1434 |
738597 | 82451 | CVE-2015-5174 | URL:https://access.redhat.com/errata/RHSA-2016:1434 |
738598 | 82451 | CVE-2015-5174 | REDHAT:RHSA-2016:1435 |
738599 | 82451 | CVE-2015-5174 | URL:http://rhn.redhat.com/errata/RHSA-2016-1435.html |
738600 | 82451 | CVE-2015-5174 | REDHAT:RHSA-2016:2045 |
738601 | 82451 | CVE-2015-5174 | URL:http://rhn.redhat.com/errata/RHSA-2016-2045.html |
738602 | 82451 | CVE-2015-5174 | REDHAT:RHSA-2016:1432 |
738603 | 82451 | CVE-2015-5174 | URL:https://access.redhat.com/errata/RHSA-2016:1432 |
738604 | 82451 | CVE-2015-5174 | SUSE:SUSE-SU-2016:0769 |
738605 | 82451 | CVE-2015-5174 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html |
738606 | 82451 | CVE-2015-5174 | SUSE:SUSE-SU-2016:0822 |
738607 | 82451 | CVE-2015-5174 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html |
738608 | 82451 | CVE-2015-5174 | SUSE:SUSE-SU-2016:0839 |
738609 | 82451 | CVE-2015-5174 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html |
738610 | 82451 | CVE-2015-5174 | SUSE:openSUSE-SU-2016:0865 |
738611 | 82451 | CVE-2015-5174 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html |
738612 | 82451 | CVE-2015-5174 | UBUNTU:USN-3024-1 |
738613 | 82451 | CVE-2015-5174 | URL:http://www.ubuntu.com/usn/USN-3024-1 |
738614 | 82451 | CVE-2015-5174 | BID:83329 |
738615 | 82451 | CVE-2015-5174 | URL:http://www.securityfocus.com/bid/83329 |
738616 | 82451 | CVE-2015-5174 | SECTRACK:1035070 |