PT-2015-3174 · Apache · Apache Tomcat
Dennis Reed
·
Published
2015-10-01
·
Updated
2024-06-15
·
CVE-2015-5174
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 6.0.0 through 6.0.44
Apache Tomcat versions 7.0.0 through 7.0.64
Apache Tomcat versions 8.0.0 through 8.0.26
Description
CVE-2015-5174 is a directory traversal weakness in the path normalisation code in RequestUtil.java. When a web application calls the ServletContext methods getResource(), getResourceAsStream() or getResourcePaths(), the supplied path is supposed to be confined to that web application. The validation was incomplete: paths beginning with "/../" were correctly rejected, but a path consisting of, or ending in, a bare "/.." (no trailing slash) was not. A malicious web application running under a SecurityManager could pass such a path to obtain a directory listing for the directory in which it had been deployed, typically $CATALINA_BASE/webapps, which the SecurityManager is meant to prevent. NVD records the attacker as a remote authenticated user; in practice the attacker is whoever can deploy or modify web application code on the instance, and the exposure is a listing of directory names (hence the Low confidentiality impact in the CVSS vector), not arbitrary file contents.
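The check described above, modelled in Python as an added example. This is not Tomcat's code: `_normalize` reproduces the shape of the RequestUtil.normalize() logic (collapse slashes, drop "/./", resolve "/../" and refuse to climb above "/"), with a `fix_trailing_dotdot` switch that turns the pre-fix behaviour into the post-fix behaviour by canonicalising a trailing "/.." before the loop runs. `APP_ROOT` is a constructed deployment path used only to show where each result lands on disk, and `is_inside_root` is the belt-and-braces check application code can apply to the final resolved path.

```python
"""Model of the path check behind CVE-2015-5174 (added example, not Tomcat's code).

`normalize_vulnerable` only recognises "/../" (with a trailing slash), so a bare
trailing "/.." survives normalisation and is later resolved by the filesystem
relative to the application's deployment directory.  `normalize_fixed` appends a
slash to a trailing "/.." first, so the same loop rejects it.
"""
import posixpath

APP_ROOT = "/opt/tomcat/webapps/app"   # constructed; not taken from a real host


def _normalize(path: str, fix_trailing_dotdot: bool):
    """Return the normalised path, or None if it would escape the root."""
    if not path.startswith("/"):
        path = "/" + path
    while "//" in path:                 # collapse duplicate slashes
        path = path.replace("//", "/")
    while "/./" in path:                # drop "current directory" segments
        path = path.replace("/./", "/")
    if path.endswith("/."):
        path = path[:-1]
    if fix_trailing_dotdot and path.endswith("/.."):
        path += "/"                     # make the last segment visible to the loop
    while True:                         # resolve "/../" segments
        idx = path.find("/../")
        if idx < 0:
            break
        if idx == 0:
            return None                 # would climb above the application root
        prev = path.rfind("/", 0, idx)
        path = path[:prev] + path[idx + 3:]
    return path


def normalize_vulnerable(path: str):
    """Pre-fix behaviour: a bare trailing "/.." is not recognised."""
    return _normalize(path, fix_trailing_dotdot=False)


def normalize_fixed(path: str):
    """Post-fix behaviour: a trailing "/.." is treated like "/../"."""
    return _normalize(path, fix_trailing_dotdot=True)


def resolve_on_disk(normalizer, requested: str):
    """Where the filesystem would actually look after the given normaliser ran."""
    normalized = normalizer(requested)
    if normalized is None:
        return None
    return posixpath.normpath(APP_ROOT + normalized)


def is_inside_root(resolved, root: str = APP_ROOT) -> bool:
    """Defence in depth for application code: check the final resolved path."""
    if resolved is None:
        return False
    return resolved == root or resolved.startswith(root.rstrip("/") + "/")


if __name__ == "__main__":
    # "/.." is the only probe that escapes under the vulnerable normaliser:
    # it resolves to /opt/tomcat/webapps, the directory the advisory names.
    for probe in ("/..", "/../", "/WEB-INF/..", "/WEB-INF/../web.xml", "/a/b/../../.."):
        v = resolve_on_disk(normalize_vulnerable, probe)
        f = resolve_on_disk(normalize_fixed, probe)
        print(f"{probe:20} vulnerable -> {v}   fixed -> {f}   inside root (vuln): {is_inside_root(v)}")
```

Run it and compare the "/.." and "/../" rows: the slash-terminated form is refused by both normalisers, the bare form only by the fixed one. Application code that passes caller-controlled values to these methods should still apply a final check such as `is_inside_root` on the resolved path rather than trusting the input string.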
Recommendations
For Apache Tomcat versions 6.0.0 through 6.0.44, update to version 6.0.45 or later.
For Apache Tomcat versions 7.0.0 through 7.0.64, update to version 7.0.65 or later.
For Apache Tomcat versions 8.0.0 through 8.0.26, update to version 8.0.27 or later.
There is no configuration setting that closes this hole; the fix is in the releases above. Until you can upgrade, do not rely on the SecurityManager to confine untrusted web applications on an affected instance: deploy only web applications you trust, and review any application code that passes caller-controlled values to getResource, getResourceAsStream or getResourcePaths so that it rejects paths containing ".." before making the call.
Fix
The fix is included in the releases listed under Recommendations (6.0.45, 7.0.65 and 8.0.27).
Weakness Enumeration
Path traversal (CWE-22)
Affected Products
ALT Linux
Apache Tomcat
CentOS
Red Hat
SUSE
Ubuntu