The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
marc.info/?l=bugtraq&m=145974991225029&w=2
rhn.redhat.com/errata/RHSA-2016-1089.html
rhn.redhat.com/errata/RHSA-2016-2045.html
rhn.redhat.com/errata/RHSA-2016-2599.html
rhn.redhat.com/errata/RHSA-2016-2807.html
rhn.redhat.com/errata/RHSA-2016-2808.html
seclists.org/bugtraq/2016/Feb/145
svn.apache.org/viewvc?view=revision&revision=1725263
svn.apache.org/viewvc?view=revision&revision=1725914
svn.apache.org/viewvc?view=revision&revision=1726196
svn.apache.org/viewvc?view=revision&revision=1726203
svn.apache.org/viewvc?view=revision&revision=1726923
svn.apache.org/viewvc?view=revision&revision=1727034
svn.apache.org/viewvc?view=revision&revision=1727166
svn.apache.org/viewvc?view=revision&revision=1727182
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
tomcat.apache.org/security-9.html
www.debian.org/security/2016/dsa-3530
www.debian.org/security/2016/dsa-3552
www.debian.org/security/2016/dsa-3609
www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
www.ubuntu.com/usn/USN-3024-1
access.redhat.com/errata/RHSA-2016:1087
access.redhat.com/errata/RHSA-2016:1088
bto.bluecoat.com/security-advisory/sa118
github.com/apache/tomcat
github.com/apache/tomcat/commit/50f1b1da794cd93b70ab5456d3c2c984408e1506
github.com/apache/tomcat/commit/79e8ad03404c131009811855f9a30d8d01c0c736
github.com/apache/tomcat/commit/824eb1d1ad922e7652ecf51adb2b9eebb5bb88b5
github.com/apache/tomcat/commit/e1b1002129fea4033329f6f619ba219527bbbd40
github.com/apache/tomcat/commit/f626da75fd59da82b14dee7b8cc46ad51eefdbe5
github.com/apache/tomcat/commit/ff1b659dc366a2ad47cd8f7e3544c796a1b15e46
github.com/apache/tomcat80/commit/2e5cc28052e84ba45196949ba602484221bbf33c
github.com/apache/tomcat80/commit/5430f30c79383e4d2d87785468905fcb00bace58
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2016-0714
security.gentoo.org/glsa/201705-09
security.netapp.com/advisory/ntap-20180531-0001
web.archive.org/web/20170204045529/www.securityfocus.com/bid/83327
web.archive.org/web/20170601064840/www.securitytracker.com/id/1035069
web.archive.org/web/20170927131230/www.securitytracker.com/id/1037640