Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.tomcat:tomcat(Maven) | 8.0.0-RC1 | 8.0.27 | N/A |
| org.apache.tomcat:tomcat(Maven) | 7.0.0 | 7.0.65 | N/A |
| org.apache.tomcat:tomcat(Maven) | 6.0.0 | 6.0.45 | N/A |
CVSS Metrics
