The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
marc.info/?l=bugtraq&m=145974991225029&w=2
rhn.redhat.com/errata/RHSA-2016-1089.html
rhn.redhat.com/errata/RHSA-2016-2045.html
rhn.redhat.com/errata/RHSA-2016-2599.html
rhn.redhat.com/errata/RHSA-2016-2807.html
rhn.redhat.com/errata/RHSA-2016-2808.html
seclists.org/bugtraq/2016/Feb/145
svn.apache.org/viewvc?view=revision&revision=1725263
svn.apache.org/viewvc?view=revision&revision=1725914
svn.apache.org/viewvc?view=revision&revision=1726196
svn.apache.org/viewvc?view=revision&revision=1726203
svn.apache.org/viewvc?view=revision&revision=1726923
svn.apache.org/viewvc?view=revision&revision=1727034
svn.apache.org/viewvc?view=revision&revision=1727166
svn.apache.org/viewvc?view=revision&revision=1727182
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html
www.debian.org/security/2016/dsa-3530
www.debian.org/security/2016/dsa-3552
www.debian.org/security/2016/dsa-3609
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
www.securityfocus.com/bid/83327
www.securitytracker.com/id/1035069
www.securitytracker.com/id/1037640
www.ubuntu.com/usn/USN-3024-1
access.redhat.com/errata/RHSA-2016:1087
access.redhat.com/errata/RHSA-2016:1088
bto.bluecoat.com/security-advisory/sa118
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
security.gentoo.org/glsa/201705-09
security.netapp.com/advisory/ntap-20180531-0001/