CVE-2015-5345

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 6.x before 6.0.45 Apache Tomcat versions 7.x before 7.0.68 Apache Tomcat versions 8.x before 8.0.30 Apache Tomcat versions 9.x before 9.0.0.M2

Description The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, allowing remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. This occurs when accessing a directory protected by a security constraint with a URL that did not end in a slash, causing Tomcat to redirect to the URL with the trailing slash and thereby confirming the presence of the directory before processing the security constraint.

Recommendations For Apache Tomcat versions 6.x before 6.0.45, update to version 6.0.45 or later. For Apache Tomcat versions 7.x before 7.0.68, update to version 7.0.68 or later. For Apache Tomcat versions 8.x before 8.0.30, update to version 8.0.30 or later. For Apache Tomcat versions 9.x before 9.0.0.M2, update to version 9.0.0.M2 or later. As a temporary workaround, consider implementing the redirect in the DefaultServlet to process security constraints and/or security enforcing Filters before the redirect. Additionally, consider configuring the Context options mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled to false to prevent redirects from occurring before security constraints are processed.