Lucene search

K
prionPRIOn knowledge basePRION:CVE-2016-6794
HistoryAug 10, 2017 - 4:29 p.m.

Design/Logic Flaw

2017-08-1016:29:00
PRIOn knowledge base
www.prio-n.com
9

AI Score

9.1

Confidence

High

EPSS

0.001

Percentile

43.7%

When a SecurityManager is configured, a web application’s ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

References