The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libservlet2.4-java", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "libservlet2.5-java", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "libservlet2.5-java-doc", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "libtomcat6-java", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "tomcat6", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "tomcat6-admin", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "tomcat6-common", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "tomcat6-docs", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "tomcat6-examples", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "tomcat6-extras", "binary_version": "6.0.39-1ubuntu0.1" }, { "binary_name": "tomcat6-user", "binary_version": "6.0.39-1ubuntu0.1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libservlet3.0-java", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "libservlet3.0-java-doc", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "libtomcat7-java", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "tomcat7", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "tomcat7-admin", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "tomcat7-common", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "tomcat7-docs", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "tomcat7-examples", "binary_version": "7.0.52-1ubuntu0.6" }, { "binary_name": "tomcat7-user", "binary_version": "7.0.52-1ubuntu0.6" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libservlet3.0-java", "binary_version": "7.0.68-1" }, { "binary_name": "libservlet3.0-java-doc", "binary_version": "7.0.68-1" }, { "binary_name": "libtomcat7-java", "binary_version": "7.0.68-1" }, { "binary_name": "tomcat7", "binary_version": "7.0.68-1" }, { "binary_name": "tomcat7-admin", "binary_version": "7.0.68-1" }, { "binary_name": "tomcat7-common", "binary_version": "7.0.68-1" }, { "binary_name": "tomcat7-docs", "binary_version": "7.0.68-1" }, { "binary_name": "tomcat7-examples", "binary_version": "7.0.68-1" }, { "binary_name": "tomcat7-user", "binary_version": "7.0.68-1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libservlet3.1-java", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "libservlet3.1-java-doc", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "libtomcat8-java", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "tomcat8", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "tomcat8-admin", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "tomcat8-common", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "tomcat8-docs", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "tomcat8-examples", "binary_version": "8.0.32-1ubuntu1" }, { "binary_name": "tomcat8-user", "binary_version": "8.0.32-1ubuntu1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "libtomcat9-embed-java", "binary_version": "9.0.16-3~18.04.1" }, { "binary_name": "libtomcat9-java", "binary_version": "9.0.16-3~18.04.1" }, { "binary_name": "tomcat9", "binary_version": "9.0.16-3~18.04.1" }, { "binary_name": "tomcat9-admin", "binary_version": "9.0.16-3~18.04.1" }, { "binary_name": "tomcat9-common", "binary_version": "9.0.16-3~18.04.1" }, { "binary_name": "tomcat9-docs", "binary_version": "9.0.16-3~18.04.1" }, { "binary_name": "tomcat9-examples", "binary_version": "9.0.16-3~18.04.1" }, { "binary_name": "tomcat9-user", "binary_version": "9.0.16-3~18.04.1" } ] }