Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2015-5174 - Vulnerability Database
Apache Tomcat

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2015-5174

Medium
Reference: CVE-2015-5174
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-5174
Title: Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45 7.x before 7.0.65 and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource getResourceAsStream or getResourcePaths call as demonstrated by the CATALINA_BASE/webapps directory.