Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x prior to 6.0.45, 7.x prior to 7.0.65, and 8.x prior to 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.

Vulnerable Product |
---|
debian debian linux 8.0 |
debian debian linux 7.0 |
apache tomcat 7.0.2 |
apache tomcat 6.0.33 |
apache tomcat 6.0.0 |
apache tomcat 6.0.39 |
apache tomcat 7.0.12 |
apache tomcat 7.0.62 |
apache tomcat 8.0.17 |
apache tomcat 7.0.53 |
apache tomcat 6.0.4 |
apache tomcat 7.0.20 |
apache tomcat 6.0.11 |
apache tomcat 7.0.34 |
apache tomcat 8.0.26 |
apache tomcat 7.0.55 |
apache tomcat 7.0.4 |
apache tomcat 7.0.63 |
apache tomcat 8.0.20 |
apache tomcat 7.0.22 |
apache tomcat 7.0.39 |
apache tomcat 7.0.26 |
apache tomcat 7.0.28 |
apache tomcat 8.0.1 |
apache tomcat 8.0.0 |
apache tomcat 7.0.59 |
apache tomcat 6.0.44 |
apache tomcat 7.0.50 |
apache tomcat 7.0.6 |
apache tomcat 6.0.20 |
apache tomcat 8.0.12 |
apache tomcat 7.0.14 |
apache tomcat 6.0.10 |
apache tomcat 8.0.15 |
apache tomcat 6.0.29 |
apache tomcat 7.0.11 |
apache tomcat 7.0.23 |
apache tomcat 7.0.0 |
apache tomcat 6.0.1 |
apache tomcat 6.0.24 |
apache tomcat 8.0.22 |
apache tomcat 6.0.37 |
apache tomcat 7.0.52 |
apache tomcat 7.0.42 |
apache tomcat 6.0.32 |
apache tomcat 6.0.28 |
apache tomcat 7.0.37 |
apache tomcat 7.0.29 |
apache tomcat 8.0.11 |
apache tomcat 8.0.24 |
apache tomcat 8.0.23 |
apache tomcat 7.0.47 |
apache tomcat 7.0.5 |
apache tomcat 8.0.21 |
apache tomcat 6.0.14 |
apache tomcat 7.0.41 |
apache tomcat 7.0.30 |
apache tomcat 7.0.19 |
apache tomcat 7.0.16 |
apache tomcat 6.0.41 |
apache tomcat 7.0.10 |
apache tomcat 8.0.18 |
apache tomcat 7.0.25 |
apache tomcat 7.0.54 |
apache tomcat 7.0.35 |
apache tomcat 7.0.61 |
apache tomcat 6.0.18 |
apache tomcat 7.0.57 |
apache tomcat 6.0.2 |
apache tomcat 8.0.14 |
apache tomcat 7.0.32 |
apache tomcat 6.0.43 |
apache tomcat 7.0.21 |
apache tomcat 7.0.27 |
apache tomcat 7.0.40 |
apache tomcat 6.0.30 |
apache tomcat 6.0.13 |
apache tomcat 7.0.56 |
apache tomcat 6.0.26 |
apache tomcat 7.0.64 |
apache tomcat 6.0.35 |
apache tomcat 6.0.16 |
apache tomcat 6.0.36 |
apache tomcat 7.0.33 |
canonical ubuntu linux 12.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 14.04 |