UBUNTU-CVE-2016-6797
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2016-6797
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6797.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-6797
- Related
- Published
- 2016-10-28T00:00:00Z
- Modified
- 2016-10-28T00:00:00Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
- References
Affected packages
Ubuntu:14.04:LTS / tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.8?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.52-1ubuntu0.8
Affected versions
7.*
7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"tomcat7-examples": "7.0.52-1ubuntu0.8",
"tomcat7-admin": "7.0.52-1ubuntu0.8",
"tomcat7-user": "7.0.52-1ubuntu0.8",
"libservlet3.0-java": "7.0.52-1ubuntu0.8",
"libservlet3.0-java-doc": "7.0.52-1ubuntu0.8",
"libtomcat7-java": "7.0.52-1ubuntu0.8",
"tomcat7-docs": "7.0.52-1ubuntu0.8",
"tomcat7": "7.0.52-1ubuntu0.8",
"tomcat7-common": "7.0.52-1ubuntu0.8"
}
]
}
Ubuntu:Pro:14.04:LTS / tomcat6
Package
- Name
- tomcat6
Ubuntu:16.04:LTS / tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1ubuntu0.1?arch=src?distro=xenial
Ubuntu:16.04:LTS / tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.3?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.68-1ubuntu0.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"tomcat7-examples": "7.0.68-1ubuntu0.3",
"tomcat7-admin": "7.0.68-1ubuntu0.3",
"tomcat7-user": "7.0.68-1ubuntu0.3",
"libservlet3.0-java": "7.0.68-1ubuntu0.3",
"libservlet3.0-java-doc": "7.0.68-1ubuntu0.3",
"libtomcat7-java": "7.0.68-1ubuntu0.3",
"tomcat7-docs": "7.0.68-1ubuntu0.3",
"tomcat7": "7.0.68-1ubuntu0.3",
"tomcat7-common": "7.0.68-1ubuntu0.3"
}
]
}
Ubuntu:16.04:LTS / tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.3?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.32-1ubuntu1.3
Affected versions
8.*
8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"tomcat8-common": "8.0.32-1ubuntu1.3",
"tomcat8-admin": "8.0.32-1ubuntu1.3",
"tomcat8-user": "8.0.32-1ubuntu1.3",
"libtomcat8-java": "8.0.32-1ubuntu1.3",
"tomcat8": "8.0.32-1ubuntu1.3",
"tomcat8-examples": "8.0.32-1ubuntu1.3",
"libservlet3.1-java-doc": "8.0.32-1ubuntu1.3",
"libservlet3.1-java": "8.0.32-1ubuntu1.3",
"tomcat8-docs": "8.0.32-1ubuntu1.3"
}
]
}