7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
48.0%
Apache Tomcat security restrictions bypass Vulnerability(CVE-2 0 1 6-6 7 9 7)
Release date: 2016-10-27
Update date: 2016-10-28
Affected system:
Apache Group Tomcat 7.0.0-7.0.70
BUGTRAQ ID: 9 3 9 4 0
CVE(CAN) ID: CVE-2 0 1 6-6 7 9 7
Apache Tomcat is a popular open source JSP application server program.
Apache Tomcat 7.0.0-7.0.70 in the realization of the presence of security restriction bypass vulnerability. An attacker could exploit this vulnerability to bypass certain security restrictions, perform unauthorized actions.
<*source: the Apache Tomcat security team
*>
Recommendations:
Manufacturers patch:
The Apache Group
------------
The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download:
<https://tomcat.apache.org/security-7.html>
http://svn.apache.org/viewvc?view=revision&revision=1 7 5 7 2 7 5
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
48.0%