UBUNTU-CVE-2015-5345
- Source
- https://ubuntu.com/security/CVE-2015-5345
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5345.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2015-5345
- Upstream
- Downstream
- Related
- Published
- 2016-02-24T00:00:00Z
- Modified
- 2025-07-16T08:18:04.428614Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
- References
Affected packages
Ubuntu:14.04:LTS / tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.39-1ubuntu0.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.0.39-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libservlet2.4-java",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "libservlet2.5-java",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "libservlet2.5-java-doc",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "libtomcat6-java",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-admin",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-common",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-docs",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-examples",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-extras",
"binary_version": "6.0.39-1ubuntu0.1"
},
{
"binary_name": "tomcat6-user",
"binary_version": "6.0.39-1ubuntu0.1"
}
]
}
Ubuntu:14.04:LTS / tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.6?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.52-1ubuntu0.6
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "libservlet3.0-java-doc",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "tomcat7-examples",
"binary_version": "7.0.52-1ubuntu0.6"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.52-1ubuntu0.6"
}
]
}
Ubuntu:16.04:LTS / tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1?arch=source&distro=xenial
Ubuntu:16.04:LTS / tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.68-1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.68-1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.68-1"
},
{
"binary_name": "libservlet3.0-java-doc",
"binary_version": "7.0.68-1"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.68-1"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.68-1"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.68-1"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.68-1"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.68-1"
},
{
"binary_name": "tomcat7-examples",
"binary_version": "7.0.68-1"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.68-1"
}
]
}
Ubuntu:16.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.32-1ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libservlet3.1-java",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "libservlet3.1-java-doc",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "tomcat8",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.0.32-1ubuntu1"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.0.32-1ubuntu1"
}
]
}
Ubuntu:18.04:LTS / tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9@9.0.16-3~18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.0.16-3~18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.16-3~18.04.1"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.16-3~18.04.1"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.16-3~18.04.1"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.16-3~18.04.1"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.16-3~18.04.1"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.16-3~18.04.1"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.16-3~18.04.1"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.16-3~18.04.1"
}
]
}