Lucene search

K
cvelistApacheCVELIST:CVE-2016-5018
HistoryOct 27, 2016 - 12:00 a.m.

CVE-2016-5018

2016-10-2700:00:00
apache
www.cve.org

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.7%

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

CNA Affected

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "9.0.0.M1 to 9.0.0.M9"
      },
      {
        "status": "affected",
        "version": "8.5.0 to 8.5.4"
      },
      {
        "status": "affected",
        "version": "8.0.0.RC1 to 8.0.36"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.70"
      },
      {
        "status": "affected",
        "version": "6.0.0 to 6.0.45"
      }
    ]
  }
]

References