Apache Tomcat CVE-2015-5345 Path Traversal Vulnerability

Description

When accessing a directory protected by a security constraint with a URL that did not end in a slash, Tomcat would redirect to the URL with the trailing slash, thereby confirming the presence of the directory before processing the security constraint. It was therefore possible for a user to determine whether a directory existed, even if the user was not permitted to view the directory. The issue also occurred at the root of a web application, in which case the presence of the web application was confirmed even if a user did not have access.
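The ordering problem described above, as a simplified model added here for illustration; it is not Tomcat's code. The directory set, the protected prefix and the function names are all constructed assumptions. It compares the responses an unauthenticated client receives when the trailing-slash redirect runs before the security constraint and when the constraint is enforced first.

```python
# Simplified model of the request handling order described above.
# Not Tomcat source; all names and paths are constructed for illustration.

DIRECTORIES = {"/", "/admin", "/admin/reports"}  # constructed: directories that exist
PROTECTED = ("/admin",)                           # constructed: constraint prefixes


def is_protected(path):
    """True if a security constraint covers this path."""
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)


def handle(path, authenticated, redirect_first):
    """Return (status, location) for a GET request.

    redirect_first=True  -> trailing-slash redirect runs before the constraint
    redirect_first=False -> constraint is enforced before any redirect
    """
    needs_redirect = not path.endswith("/") and path in DIRECTORIES
    denied = is_protected(path) and not authenticated

    if redirect_first and needs_redirect:
        return 302, path + "/"   # existence confirmed before the access check
    if denied:
        return 401, None         # same answer whether or not the path exists
    if needs_redirect:
        return 302, path + "/"
    exists = path == "/" or path.rstrip("/") in DIRECTORIES
    return (200, None) if exists else (404, None)


def leaks_existence(redirect_first):
    """Compare unauthenticated responses for a real and a missing directory."""
    real = handle("/admin/reports", False, redirect_first)
    missing = handle("/admin/nothing", False, redirect_first)
    return real[0] != missing[0]


if __name__ == "__main__":
    for order in (True, False):
        print("redirect_first =", order, "-> leaks:", leaks_existence(order))
```

With the redirect evaluated first, the existing directory answers 302 and the missing one 401, so the two are distinguishable without credentials; with the constraint evaluated first, both answer 401.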

Affected Applications

Apache Tomcat

CVE References

CVE-2015-5345