CVE-2016-6796

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45@%3Cannounce.tomcat.apache.org%3E	Mailing List Vendor Advisory
http://www.securitytracker.com/id/1038757	Broken Link
http://www.securitytracker.com/id/1037141	Broken Link
http://www.securityfocus.com/bid/93944	Broken Link
http://www.debian.org/security/2016/dsa-3720	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2247	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1552	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1550	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1549	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1548	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0456	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0455	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1551.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-0457.html	Third Party Advisory
https://security.netapp.com/advisory/ntap-20180605-0001/	Third Party Advisory
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E	Mailing List Patch Vendor Advisory
https://usn.ubuntu.com/4557-1/	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m1::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m2::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m3::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m4::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m5::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m6::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m7::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m8::::::
	cpe:2.3:a:apache:tomcat:9.0.0:m9::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:snap_creator_framework:-:::::::*

Configuration 4 (hide)

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:tekelec_platform_distribution:7.4.0:::::::*
	cpe:2.3:a:oracle:tekelec_platform_distribution:7.7.1:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Information

Published : 2017-08-10 19:29

Updated : 2022-04-18 10:56

NVD link : CVE-2016-6796

Mitre link : CVE-2016-6796

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

netapp

oncommand_shift
oncommand_insight
snap_creator_framework

redhat

enterprise_linux_desktop
enterprise_linux_server_aus
jboss_enterprise_application_platform
enterprise_linux_workstation
enterprise_linux_server_tus
jboss_enterprise_web_server
enterprise_linux_server
enterprise_linux_eus

oracle

tekelec_platform_distribution

apache

tomcat

canonical

ubuntu_linux

debian

debian_linux

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2016-6796

7.5^/10

5.0^/10

Attach tags to `CVE-2016-6796`