Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in possible timing attacks to
determine valid user names, bypass of the SecurityManager, disclosure of
system properties, unrestricted access to global resources, arbitrary
file overwrites, and potentially escalation of privileges.

For the stable distribution (jessie), these problems have been fixed in
version 7.0.56-3+deb8u5.

We recommend that you upgrade your tomcat7 packages.

References

www.debian.org/security/2016/dsa-3721

redhat 9

tomcat 4

nessus 36

openvas 26

ibm 27

centos 1

debian 9

osv 17

freebsd 1

amazon 1

suse 6

f5 6

mageia 1

ubuntu 3

fedora 3

debiancve 5

prion 5

ubuntucve 5

cvelist 5

nvd 5

redhatcve 2

cve 5

github 5

myhack58 1

veracode 2

exploitdb 1

packetstorm 1

exploitpack 1

oraclelinux 1

oracle 3

redhat

(RHSA-2017:2247) Low: tomcat security, bug fix, and enhancement update

2017-08-01 05:59:34

(RHSA-2017:0456) Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update

2015-11-12 19:12:07

(RHSA-2017:0457) Important: Red Hat JBoss Web Server security and enhancement update

2017-03-07 18:57:09

tomcat

Fixed in Apache Tomcat 7.0.72

2016-09-19 00:00:00

Fixed in Apache Tomcat 9.0.0.M10

2016-09-05 00:00:00

Fixed in Apache Tomcat 6.0.47

2016-10-16 00:00:00

nessus

Apache Tomcat 8.0.0.RC1 < 8.0.37 multiple vulnerabilities

2024-05-23 00:00:00

FreeBSD : tomcat -- multiple vulnerabilities (3ae106e2-d521-11e6-ae1b-002590263bf5)

2017-01-10 00:00:00

Apache Tomcat 7.0.0 < 7.0.72 multiple vulnerabilities

2024-05-23 00:00:00

openvas

Debian Security Advisory DSA 3721-1 (tomcat7 - security update)

2016-11-21 00:00:00

Debian Security Advisory DSA 3720-1 (tomcat8 - security update)

2016-11-21 00:00:00

RedHat Update for tomcat RHSA-2017:2247-01

2017-08-04 00:00:00

ibm

Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerabilities

2019-11-18 13:57:34

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Insight

2018-06-17 05:20:08

Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence

2018-06-17 05:20:07

centos

tomcat security update

2017-08-24 01:41:52

debian

[SECURITY] [DSA 3720-1] tomcat8 security update

2016-11-21 18:49:12

[SECURITY] [DSA 3720-1] tomcat8 security update

2016-11-21 18:49:12

[SECURITY] [DSA 3721-1] tomcat7 security update

2016-11-21 18:49:22

osv

tomcat8 - security update

2016-11-21 00:00:00

tomcat6 vulnerabilities

2020-09-30 12:55:19

tomcat7 - security update

2016-12-01 00:00:00

freebsd

tomcat -- multiple vulnerabilities

2016-10-27 00:00:00

amazon

Important: tomcat6, tomcat7, tomcat8

2016-11-10 18:00:00

suse

Security update for tomcat (important)

2016-12-14 01:28:16

Security update for tomcat (important)

2016-12-10 23:07:49

Security update for tomcat (important)

2016-12-14 01:14:48

SOL65230547 - Apache Tomcat vulnerabilities CVE-2016-5018, CVE-2016-6794, and CVE-2016-6796

2016-11-14 00:00:00

K65230547 : Apache Tomcat vulnerabilities CVE-2016-5018, CVE-2016-6794, and CVE-2016-6796

2016-11-14 00:00:00

SOL36302720 - Apache Tomcat vulnerability CVE-2016-6797

2016-11-14 00:00:00

mageia

Updated tomcat packages fix security vulnerability

2016-11-05 01:29:35

ubuntu

Tomcat vulnerabilities

2020-09-30 00:00:00

Tomcat vulnerabilities

2017-01-23 00:00:00

Tomcat regression

2017-02-02 00:00:00

fedora

[SECURITY] Fedora 25 Update: tomcat-8.0.38-1.fc25

2016-11-19 21:26:18

[SECURITY] Fedora 23 Update: tomcat-8.0.38-1.fc23

2016-11-13 02:21:02

[SECURITY] Fedora 24 Update: tomcat-8.0.38-1.fc24

2016-11-12 23:56:29

debiancve

CVE-2016-6796

2017-08-11 02:29:00

CVE-2016-6797

2017-08-10 22:29:00

CVE-2016-6794

2017-08-10 16:29:00

prion

Design/Logic Flaw

2017-08-11 02:29:00

Design/Logic Flaw

2017-08-10 16:29:00

Information disclosure

2017-08-10 22:29:00

ubuntucve

CVE-2016-6796

2016-10-28 00:00:00

CVE-2016-6794

2016-10-28 00:00:00

CVE-2016-6797

2016-10-28 00:00:00

cvelist

CVE-2016-6796

2016-10-27 00:00:00

CVE-2016-6794

2016-10-27 00:00:00

CVE-2016-6797

2016-10-27 00:00:00

nvd

CVE-2016-6794

2017-08-10 16:29:00

CVE-2016-6796

2017-08-11 02:29:00

CVE-2016-6797

2017-08-10 22:29:00

redhatcve

CVE-2016-6794

2016-11-01 10:17:21

CVE-2016-6797

2016-11-01 09:17:18

cve

CVE-2016-6796

2017-08-11 02:29:00

CVE-2016-6794

2017-08-10 16:29:00

CVE-2016-6797

2017-08-10 22:29:00

github

System Property Disclosure in Apache Tomcat

2022-05-13 01:02:16

Apache Tomcat vulnerable to SecurityManager bypass

2022-05-13 01:02:16

Incorrect Authorization in Apache Tomcat

2022-05-13 01:02:15

myhack58

Apache Tomcat security restrictions bypass Vulnerability(CVE-2 0 1 6-6 7 9 7)-vulnerability warning-the black bar safety net

2016-10-29 00:00:00

veracode

Timing Attack

2019-01-15 09:16:05

Security Manager Bypass

2019-01-15 09:17:22

exploitdb

Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape

2020-01-08 00:00:00

packetstorm

Tomcat 9.0.0.M1 Sandbox Escape

2020-01-08 00:00:00

exploitpack

Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape

2020-01-08 00:00:00

oraclelinux

tomcat security, bug fix, and enhancement update

2017-08-07 00:00:00

oracle

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.002

Percentile

54.8%

JSON

Related for OSV:DSA-3721-1