Lucene search

PRIOn knowledge basePRION:CVE-2016-5018

HistoryAug 10, 2017 - 4:29 p.m.

Design/Logic Flaw

2017-08-1016:29:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

CPENameOperatorVersion
tomcateq9.0.0 milestone1
tomcateq9.0.0 milestone2
tomcateq9.0.0 milestone3
tomcateq9.0.0 milestone4
tomcateq9.0.0 milestone5
tomcateq9.0.0 milestone6
tomcateq9.0.0 milestone7
tomcateq9.0.0 milestone8
tomcateq9.0.0 milestone9
tomcatge6.0.0

Name	Operator	Version
tomcat	eq	9.0.0 milestone1
tomcat	eq	9.0.0 milestone2
tomcat	eq	9.0.0 milestone3
tomcat	eq	9.0.0 milestone4
tomcat	eq	9.0.0 milestone5
tomcat	eq	9.0.0 milestone6
tomcat	eq	9.0.0 milestone7
tomcat	eq	9.0.0 milestone8
tomcat	eq	9.0.0 milestone9
tomcat	ge	6.0.0

Rows per page:

1-10 of 351

References

packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html

rhn.redhat.com/errata/RHSA-2017-0457.html

rhn.redhat.com/errata/RHSA-2017-1551.html

www.debian.org/security/2016/dsa-3720

www.securityfocus.com/bid/93942

www.securitytracker.com/id/1037142

www.securitytracker.com/id/1038757

access.redhat.com/errata/RHSA-2017:0455

access.redhat.com/errata/RHSA-2017:0456

access.redhat.com/errata/RHSA-2017:1548

access.redhat.com/errata/RHSA-2017:1549

access.redhat.com/errata/RHSA-2017:1550

access.redhat.com/errata/RHSA-2017:1552

access.redhat.com/errata/RHSA-2017:2247

lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

security.netapp.com/advisory/ntap-20180605-0001/

usn.ubuntu.com/4557-1/

www.oracle.com/security-alerts/cpuoct2021.html