mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1017 B
1017 B
CVE-2015-5174
Description
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
POC
Reference
- http://packetstormsecurity.com/files/135883/Apache-Tomcat-Limited-Directory-Traversal.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Github
No PoCs found on GitHub currently.