Lucene search

PRIOn knowledge basePRION:CVE-2016-6796

HistoryAug 11, 2017 - 2:29 a.m.

Design/Logic Flaw

2017-08-1102:29:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.9%

JSON

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

CPENameOperatorVersion
tomcateq9.0.0 milestone1
tomcateq9.0.0 milestone2
tomcateq9.0.0 milestone3
tomcateq9.0.0 milestone4
tomcateq9.0.0 milestone5
tomcateq9.0.0 milestone6
tomcateq9.0.0 milestone7
tomcateq9.0.0 milestone8
tomcateq9.0.0 milestone9
tomcatge6.0.0

Name	Operator	Version
tomcat	eq	9.0.0 milestone1
tomcat	eq	9.0.0 milestone2
tomcat	eq	9.0.0 milestone3
tomcat	eq	9.0.0 milestone4
tomcat	eq	9.0.0 milestone5
tomcat	eq	9.0.0 milestone6
tomcat	eq	9.0.0 milestone7
tomcat	eq	9.0.0 milestone8
tomcat	eq	9.0.0 milestone9
tomcat	ge	6.0.0

Rows per page:

1-10 of 351

References

rhn.redhat.com/errata/RHSA-2017-0457.html

rhn.redhat.com/errata/RHSA-2017-1551.html

www.debian.org/security/2016/dsa-3720

www.securityfocus.com/bid/93944

www.securitytracker.com/id/1037141

www.securitytracker.com/id/1038757

access.redhat.com/errata/RHSA-2017:0455

access.redhat.com/errata/RHSA-2017:0456

access.redhat.com/errata/RHSA-2017:1548

access.redhat.com/errata/RHSA-2017:1549

access.redhat.com/errata/RHSA-2017:1550

access.redhat.com/errata/RHSA-2017:1552

access.redhat.com/errata/RHSA-2017:2247

lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E

lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

security.netapp.com/advisory/ntap-20180605-0001/

usn.ubuntu.com/4557-1/

www.oracle.com/security-alerts/cpuoct2021.html