Lucene search

K
nvd[email protected]NVD:CVE-2016-6796
HistoryAug 11, 2017 - 2:29 a.m.

CVE-2016-6796

2017-08-1102:29:00
web.nvd.nist.gov
1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Affected configurations

NVD
Node
apachetomcatRange6.0.06.0.45
OR
apachetomcatRange7.0.07.0.70
OR
apachetomcatRange8.08.0.36
OR
apachetomcatRange8.5.08.5.4
OR
apachetomcatMatch9.0.0milestone1
OR
apachetomcatMatch9.0.0milestone2
OR
apachetomcatMatch9.0.0milestone3
OR
apachetomcatMatch9.0.0milestone4
OR
apachetomcatMatch9.0.0milestone5
OR
apachetomcatMatch9.0.0milestone6
OR
apachetomcatMatch9.0.0milestone7
OR
apachetomcatMatch9.0.0milestone8
OR
apachetomcatMatch9.0.0milestone9
Node
debiandebian_linuxMatch8.0
Node
netapponcommand_insightMatch-
OR
netapponcommand_shiftMatch-
OR
netappsnap_creator_frameworkMatch-
Node
canonicalubuntu_linuxMatch16.04esm
Node
oracletekelec_platform_distributionMatch7.4.0
OR
oracletekelec_platform_distributionMatch7.7.1
Node
redhatjboss_enterprise_application_platformMatch6.4
OR
redhatjboss_enterprise_web_serverMatch3.0.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch7.4
OR
redhatenterprise_linux_eusMatch7.5
OR
redhatenterprise_linux_eusMatch7.6
OR
redhatenterprise_linux_eusMatch7.7
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_ausMatch7.7
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_server_tusMatch7.7
OR
redhatenterprise_linux_workstationMatch7.0

References

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%