Lucene search
OracleLinuxELSA-2016-2045HistoryOct 10, 2016 - 12:00 a.m.
tomcat6 security and bug fix update
2016-10-1000:00:00
linux.oracle.com
30
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.948 High
EPSS
Percentile
99.1%
[0:6.0.24-98]
- Resolves: rhbz#1362210 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header
- Resolves: rhbz#1368119
[0:6.0.24-97] - Resolves: rhbz#1367051 CVE-2015-5174 URL Normalization issue
- Resolves: rhbz#1367054 CVE-2016-0706 Security Manager bypass via StatusManagerServlet
- Resolves: rhbz#1367058 CVE-2016-0714 Security Manager bypass via persistence mechanisms
- Resolves: rhbz#1367054 CVE-2015-5345 Directory disclosure
[0:6.0.24-96] - Resolves: rhbz#1357123 rpm -V tomcat6 fails due on /var/log/tomcat6/catalina.out
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 6 | src | tomcat6 | < 6.0.24-98.el6_8 | tomcat6-6.0.24-98.el6_8.src.rpm |
| oracle linux | 6 | noarch | tomcat6 | < 6.0.24-98.el6_8 | tomcat6-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-admin-webapps | < 6.0.24-98.el6_8 | tomcat6-admin-webapps-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-docs-webapp | < 6.0.24-98.el6_8 | tomcat6-docs-webapp-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-el-2.1-api | < 6.0.24-98.el6_8 | tomcat6-el-2.1-api-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-javadoc | < 6.0.24-98.el6_8 | tomcat6-javadoc-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-jsp-2.1-api | < 6.0.24-98.el6_8 | tomcat6-jsp-2.1-api-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-lib | < 6.0.24-98.el6_8 | tomcat6-lib-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-servlet-2.5-api | < 6.0.24-98.el6_8 | tomcat6-servlet-2.5-api-6.0.24-98.el6_8.noarch.rpm |
| oracle linux | 6 | noarch | tomcat6-webapps | < 6.0.24-98.el6_8 | tomcat6-webapps-6.0.24-98.el6_8.noarch.rpm |
Related
nessus
nessus
Oracle Linux 6 : tomcat6 (ELSA-2016-2045) (httpoxy)
2016-10-11 00:00:00
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20161010) (httpoxy)
2016-10-12 00:00:00
CentOS 6 : tomcat6 (CESA-2016:2045) (httpoxy)
2016-10-12 00:00:00
openvas
openvas
RedHat Update for tomcat6 RHSA-2016:2045-01
2016-10-11 00:00:00
CentOS Update for tomcat6 CESA-2016:2045 centos6
2016-10-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:0839-1)
2021-06-09 00:00:00
redhat
redhat
(RHSA-2016:2045) Important: tomcat6 security and bug fix update
2016-10-10 18:29:33
(RHSA-2016:2599) Moderate: tomcat security, bug fix, and enhancement update
2016-11-03 06:07:16
(RHSA-2016:1088) Moderate: Red Hat JBoss Web Server 3.0.3 update
2016-05-17 16:10:14
centos
centos
tomcat6 security update
2016-10-11 18:36:02
tomcat security update
2016-11-25 15:49:52
tomcat security update
2016-10-11 18:36:52
ibm
ibm
Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is susceptible to multiple vulnerabilities. (CVE-2015-5345, CVE-2016-0706, CVE-2016-0714, CVE-2015-5174)
2018-06-16 21:42:42
f5
f5
SOL30971148 - Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714
2016-03-22 00:00:00
SOL73644551 - Apache Tomcat vulnerability CVE-2016-6325
2016-10-20 00:00:00
K73644551 : Apache Tomcat vulnerability CVE-2016-6325
2016-10-20 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.45
2016-02-11 00:00:00
Fixed in Apache Tomcat 7.0.68
2016-02-16 00:00:00
Fixed in Apache Tomcat 9.0.0.M3
2016-01-05 00:00:00
suse
suse
Security update for tomcat6 (important)
2016-03-21 14:14:16
Security update for tomcat (important)
2016-03-15 15:12:43
Security update for tomcat (important)
2016-03-18 19:13:35
amazon
amazon
Medium: tomcat6
2016-03-29 15:30:00
Medium: tomcat7
2016-03-29 15:30:00
Medium: tomcat8
2016-03-10 16:30:00
debian
debian
[SECURITY] [DLA 435-1] tomcat6 security update
2016-02-27 19:09:41
[SECURITY] [DSA 3609-1] tomcat8 security update
2016-06-29 19:54:21
[SECURITY] [DSA 3552-1] tomcat7 security update
2016-04-17 18:44:26
osv
osv
tomcat6 - security update
2016-02-27 00:00:00
tomcat7 - security update
2016-04-17 00:00:00
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
freebsd
freebsd
tomcat -- multiple vulnerabilities
2016-02-22 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2016-03-02 21:28:46
Updated tomcat packages fix security vulnerability
2016-09-21 23:38:22
atlassian
atlassian
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
Upgrade Tomcat to the latest 8.0.x release
2016-02-19 00:04:16
symantec
symantec
SA118 : February 2016 Apache Tomcat Vulnerabilities
2016-03-15 08:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2016-07-05 00:00:00
oraclelinux
oraclelinux
tomcat security, bug fix, and enhancement update
2016-11-09 00:00:00
tomcat security update
2016-10-10 00:00:00
ubuntucve
ubuntucve
cloudfoundry
cloudfoundry
USN-3024-1: tomcat6, tomcat7 vulnerabilities | Cloud Foundry
2017-01-19 00:00:00
redhatcve
redhatcve
CVE-2016-6325
2016-10-10 08:47:27
CVE-2016-5388
2020-03-15 13:19:03
prion
prion
Design/Logic Flaw
2016-10-13 14:59:00
Directory traversal
2016-02-25 01:59:00
Code injection
2016-02-25 01:59:00
veracode
veracode
Privilege Escalation
2019-05-20 00:08:58
Directory Traversal
2019-01-15 09:09:27
Directory Information Disclosure
2019-01-15 09:11:49
debiancve
debiancve
cve
cve
github
github
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
2022-05-14 01:10:16
Improper Access Control in Apache Tomcat
2022-05-14 01:10:17
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2017-05-18 00:00:00
archlinux
archlinux
[ASA-201609-7] tomcat8: proxy injection
2016-09-10 00:00:00
[ASA-201609-21] tomcat7: proxy injection
2016-09-22 00:00:00
[ASA-201611-6] tomcat6: proxy injection
2016-11-02 00:00:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.948 High
EPSS
Percentile
99.1%
Related for ELSA-2016-2045