
CVE-2016-6796

Description

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.


Affected Software


CPE Name | Name | Version
apache:tomcat | apache tomcat | 6.0.45
apache:tomcat | apache tomcat | 7.0.70
apache:tomcat | apache tomcat | 8.0.36
apache:tomcat | apache tomcat | 8.5.4
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
apache:tomcat | apache tomcat | 9.0.0
debian:debian_linux | debian debian linux | 8.0
netapp:oncommand_insight | netapp oncommand insight | -
netapp:oncommand_shift | netapp oncommand shift | -
netapp:snap_creator_framework | netapp snap creator framework | -
canonical:ubuntu_linux | canonical ubuntu linux | 16.04
oracle:tekelec_platform_distribution | oracle tekelec platform distribution | 7.4.0
oracle:tekelec_platform_distribution | oracle tekelec platform distribution | 7.7.1
redhat:jboss_enterprise_application_platform | redhat jboss enterprise application platform | 6.4
redhat:jboss_enterprise_web_server | redhat jboss enterprise web server | 3.0.0
redhat:enterprise_linux_desktop | redhat enterprise linux desktop | 7.0
redhat:enterprise_linux_eus | redhat enterprise linux eus | 7.4
redhat:enterprise_linux_eus | redhat enterprise linux eus | 7.5
redhat:enterprise_linux_eus | redhat enterprise linux eus | 7.6
redhat:enterprise_linux_eus | redhat enterprise linux eus | 7.7
redhat:enterprise_linux_server | redhat enterprise linux server | 7.0
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 7.4
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 7.6
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 7.7
redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 7.6
redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 7.7
redhat:enterprise_linux_workstation | redhat enterprise linux workstation | 7.0

Related