Mark Koek

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 6.x through 6.0.44 Apache Tomcat versions 7.x through 7.0.67 Apache Tomcat versions 8.x through 8.0.30 Apache Tomcat versions 9.x through 9.0.0.M1 **Description** The issue is related to the lack of protection for internal data in the Apache Tomcat server, allowing a remote attacker to bypass access restrictions and read arbitrary HTTP requests using a specially crafted web application. This could expose sensitive information, such as session IDs, from other web applications. The issue only affects users running untrusted web applications under a security manager. **Recommendations** For Apache Tomcat versions 6.x through 6.0.44, update to version 6.0.45 or later. For Apache Tomcat versions 7.x through 7.0.67, update to version 7.0.68 or later. For Apache Tomcat versions 8.x through 8.0.30, update to version 8.0.31 or later. For Apache Tomcat versions 9.x through 9.0.0.M1, update to version 9.0.0.M2 or later. As a temporary workaround, consider restricting access to the `org.apache.catalina.manager.StatusManagerServlet` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 6.x before 6.0.45 Apache Tomcat versions 7.x before 7.0.68 Apache Tomcat versions 8.x before 8.0.30 Apache Tomcat versions 9.x before 9.0.0.M2 **Description** The Mapper component in Apache Tomcat processes redirects before considering security constraints and Filters, allowing remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character. This occurs when accessing a directory protected by a security constraint with a URL that did not end in a slash, causing Tomcat to redirect to the URL with the trailing slash and thereby confirming the presence of the directory before processing the security constraint. **Recommendations** For Apache Tomcat versions 6.x before 6.0.45, update to version 6.0.45 or later. For Apache Tomcat versions 7.x before 7.0.68, update to version 7.0.68 or later. For Apache Tomcat versions 8.x before 8.0.30, update to version 8.0.30 or later. For Apache Tomcat versions 9.x before 9.0.0.M2, update to version 9.0.0.M2 or later. As a temporary workaround, consider implementing the redirect in the DefaultServlet to process security constraints and/or security enforcing Filters before the redirect. Additionally, consider configuring the Context options mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled to false to prevent redirects from occurring before security constraints are processed.