Debian Security Bug Tracker: DEBIANCVE:CVE-2016-6797
History: Aug 10, 2017 - 10:29 p.m.

CVE-2016-6797

security-tracker.debian.org

EPSS: 0.001
Percentile: 47.8%

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

| OS | OS version | Architecture | Package | Package version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | tomcat7 | < 7.0.75-1 | tomcat7_7.0.75-1_all.deb |
| Debian | 9 | all | tomcat8 | < 8.5.54-0+deb9u1 | tomcat8_8.5.54-0+deb9u1_all.deb |