CVE-2016-6796

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6796

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6796.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-6796

Aliases

GHSA-3mjp-p938-4329

Related

Published

2017-08-11T02:29:00Z

Modified

2024-09-03T00:10:38Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type: GIT
Repo: https://github.com/apache/tomcat
Events: Last affected

18b014d8691909be6153ae7db022a6c35f9c93ea

Last affected

29b07def810d335012e738b22ab44d4e232b50d1

Introduced

e37b977db6f47e4380ad67114a49e8568951c953

Last affected

3e5565173dfe107f90419ab63bd4e2e7edc9deb4

Last affected

45f8fd74cdb96490fab8709263a4d862f0d429cf

Last affected

aba238718ac9b149d25feaa9a14ecad3b0e3a5e2

Last affected

c7b84102600d600bcc527560d9c4d10c3fd440ab

Last affected

d1dc05e934e089ea8907998cf850760017a0ed82

Last affected

d8ebf61e51b4455e3c226751e492a533f9002d48

Last affected

fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf

Last affected

fe854ab1f111396458d98fa2ab08c693ce9407e1

Introduced

e498667bd7811e846771a852b16ce9f1e524b81b

Last affected

ff181ab22b2b18e77ab9e0f0c2cfe5cfa59c844c