CVE-2016-5018

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-5018

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5018.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-5018

Aliases

GHSA-4v3g-g84w-hv7r

Related

Published

2017-08-10T16:29:00Z

Modified

2024-09-03T00:10:38Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Last affected

18b014d8691909be6153ae7db022a6c35f9c93ea

Last affected

29b07def810d335012e738b22ab44d4e232b50d1

Introduced

e37b977db6f47e4380ad67114a49e8568951c953

Last affected

3e5565173dfe107f90419ab63bd4e2e7edc9deb4

Last affected

45f8fd74cdb96490fab8709263a4d862f0d429cf

Last affected

aba238718ac9b149d25feaa9a14ecad3b0e3a5e2

Last affected

c7b84102600d600bcc527560d9c4d10c3fd440ab

Last affected

d1dc05e934e089ea8907998cf850760017a0ed82

Last affected

d8ebf61e51b4455e3c226751e492a533f9002d48

Last affected

fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf

Last affected

fe854ab1f111396458d98fa2ab08c693ce9407e1

Introduced

e498667bd7811e846771a852b16ce9f1e524b81b

Last affected

ff181ab22b2b18e77ab9e0f0c2cfe5cfa59c844c