Lucene search

K
nessusTenable9313.PRM
HistoryMay 24, 2016 - 12:00 a.m.

Apache Tomcat 7.0.x < 7.0.68 / 8.0.x < 8.0.32 Multiple Vulnerabilities

2016-05-2400:00:00
Tenable
www.tenable.com
22

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.2%

Apache Tomcat 7.0.x before 7.0.68 or 8.0.x before 8.0.32 is affected by multiple vulnerabilities :

  • A flaw exists that is triggered as the ‘ResourceLinkFactory.setGlobalContext()’ method is accessible to web applications even when run under a security manager. This may potentially allow a context-dependent attacker to inject a malicious global context and read and write data owned by other web applications. (CVE-2016-0763)
  • A flaw exists in the index page of the Manager and Host Manager applications that is triggered when issuing redirects in response to unauthenticated requests to the root of the web application. This may allow a remote attacker to gain access to CSRF token information stored in the index page. (CVE-2015-5351)
Binary data 9313.prm

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

72.2%