Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2016-6796

🗓️ 11 Aug 2017 02:00:00Reported by apacheType 
cve
 cve🔗 web.nvd.nist.gov👁 169 Views

"Apache Tomcat 6.0.0-9.0.0.M9, 7.0.0-7.0.70, 8.0.0.RC1-8.5.4 - SecurityManager Bypass CVE-2016-6796

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
15 Jun 201823:17
ibm
IBM Security Bulletins		Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's
16 Jun 201821:50
ibm
IBM Security Bulletins		Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
16 Jun 202221:33
ibm
IBM Security Bulletins		Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.
18 Jun 201800:32
ibm
IBM Security Bulletins		Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator
29 Apr 202502:11
ibm
IBM Security Bulletins		Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)
17 Jun 201815:39
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840
18 Jun 201800:32
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem models 840 and 900
18 Feb 202301:45
ibm
IBM Security Bulletins		Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.
15 Jun 201823:48
ibm
IBM Security Bulletins		Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)
11 Apr 202215:17
ibm
Rows per page
NVD
Vulners
Node
apachetomcatRange6.0.06.0.45
OR
apachetomcatRange7.0.07.0.70
OR
apachetomcatRange8.08.0.36
OR
apachetomcatRange8.5.08.5.4
OR
apachetomcatMatch9.0.0milestone1
OR
apachetomcatMatch9.0.0milestone2
OR
apachetomcatMatch9.0.0milestone3
OR
apachetomcatMatch9.0.0milestone4
OR
apachetomcatMatch9.0.0milestone5
OR
apachetomcatMatch9.0.0milestone6
OR
apachetomcatMatch9.0.0milestone7
OR
apachetomcatMatch9.0.0milestone8
OR
apachetomcatMatch9.0.0milestone9
Node
debiandebian_linuxMatch8.0
Node
netapponcommand_insightMatch-
OR
netapponcommand_shiftMatch-
OR
netappsnap_creator_frameworkMatch-
Node
canonicalubuntu_linuxMatch16.04esm
Node
oracletekelec_platform_distributionMatch7.4.0
OR
oracletekelec_platform_distributionMatch7.7.1
Node
redhatjboss_enterprise_application_platformMatch6.4
OR
redhatjboss_enterprise_web_serverMatch3.0.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.5
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch7.0
[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.M1 to 9.0.0.M9"
      },
      {
        "status": "affected",
        "version": "8.5.0 to 8.5.4"
      },
      {
        "status": "affected",
        "version": "8.0.0.RC1 to 8.0.36"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.70"
      },
      {
        "status": "affected",
        "version": "6.0.0 to 6.0.45"
      }
    ]
  }
]
SourceLink
accesswww.access.redhat.com/errata/RHSA-2017:2247
accesswww.access.redhat.com/errata/RHSA-2017:1552
accesswww.access.redhat.com/errata/RHSA-2017:0455
listswww.lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
listswww.lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
listswww.lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E
listswww.lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
rhnwww.rhn.redhat.com/errata/RHSA-2017-1551.html
listswww.lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
listswww.lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 May 2026 00:24Current
8.4High risk
Vulners AI Score8.4
CVSS 25
CVSS 3.17.5
EPSS0.00839
apache tomcatsecuritymanager bypasscve-2016-6796nvdjsp servlet
169