Lucene search

K
redhatcveRedhat.comRH:CVE-2016-6794
HistoryNov 01, 2016 - 10:17 a.m.

CVE-2016-6794

2016-11-0110:17:21
redhat.com
access.redhat.com
16

EPSS

0.001

Percentile

43.7%

It was discovered that when a SecurityManager was configured, Tomcat’s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.