cve/2015/CVE-2015-5345.md

### [CVE-2015-5345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

### POC

#### Reference
- http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- https://kc.mcafee.com/corporate/index?page=content&id=SB10156

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/dusbot/cpe2cve
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-5345](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5345)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`### Description`

			`The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/135892/Apache-Tomcat-Directory-Disclosure.html`
			`- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html`
			`- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://kc.mcafee.com/corporate/index?page=content&id=SB10156`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/ARPSyndicate/cve-scores`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`- https://github.com/ARPSyndicate/cvemon`
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`- https://github.com/dusbot/cpe2cve`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00