tomcat: system property disclosure

🗓️ 01 Aug 2017 15:43:19Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 5 Views

Tomcat system property replacement can bypass the SecurityManager and reveal restricted system properties.

Reporter	Title	Published	Views	Family All 139
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence Server 2017Q1 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.	15 Jun 201823:17	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVE's	16 Jun 201821:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Apache Tomcat vulnerabilities affect IBM SONAS.	18 Jun 201800:32	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)	17 Jun 201815:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities.	15 Jun 201823:48	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities in IBM Java Runtime and Apache Tomcat that affect IBM Cognos Business Viewpoint	15 Jun 201823:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect IBM UrbanCode Release	17 Jun 201822:33	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect Rational Reporting for Development Intelligence	17 Jun 201805:20	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	any	tomcat	0:7.0.76-2.el7.noarch	tomcat-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-admin-webapps	0:7.0.76-2.el7.noarch	tomcat-admin-webapps-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-docs-webapp	0:7.0.76-2.el7.noarch	tomcat-docs-webapp-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-el-2.2-api	0:7.0.76-2.el7.noarch	tomcat-el-2.2-api-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-javadoc	0:7.0.76-2.el7.noarch	tomcat-javadoc-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-jsp-2.2-api	0:7.0.76-2.el7.noarch	tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-jsvc	0:7.0.76-2.el7.noarch	tomcat-jsvc-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-lib	0:7.0.76-2.el7.noarch	tomcat-lib-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-servlet-3.0-api	0:7.0.76-2.el7.noarch	tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-webapps	0:7.0.76-2.el7.noarch	tomcat-webapps-0:7.0.76-2.el7.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-6794
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-6794
tomcat	www.tomcat.apache.org/security-6.html
tomcat	www.tomcat.apache.org/security-7.html
tomcat	www.tomcat.apache.org/security-8.html
cve	www.cve.org/CVERecord

13 May 2026 01:46Current

7.3High risk

Vulners AI Score7.3

CVSS 25

CVSS 3.15.3

EPSS0.00264

Tomcat vulnerability SecurityManager bypass system properties property replacement web application unix