Basic search

K
tomcatApache TomcatTOMCAT:937E284FF802C2D5A6E9C8A59AB6C822
HistorySep 19, 2016 - 12:00 a.m.

Fixed in Apache Tomcat 7.0.72

2016-09-1900:00:00
Apache Tomcat
tomcat.apache.org
18

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.6%

Note: The issues below were fixed in Apache Tomcat 7.0.71 but the release vote for the 7.0.71 release candidate did not pass. Therefore, although users must download 7.0.72 to obtain a version that includes fixes for these issues, version 7.0.71 is not included in the list of affected versions.

Low: Unrestricted Access to Global Resources CVE-2016-6797

The ResourceLinkFactory did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

This was fixed in revision 1757275.

This issue was identified by the Apache Tomcat Security Team on 18 January 2016 and made public on 27 October 2016.

Affects: 7.0.0 to 7.0.70

Low: Security Manager Bypass CVE-2016-6796

A malicious web application was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

This was fixed in revisions 1758495 and 1763236.

This issue was identified by the Apache Tomcat Security Team on 27 December 2015 and made public on 27 October 2016.

Affects: 7.0.0 to 7.0.70

Low: System Property Disclosure CVE-2016-6794

When a SecurityManager is configured, a web application’s ability to read system properties should be controlled by the SecurityManager. Tomcat’s system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

This was fixed in revision 1754728.

This issue was identified by the Apache Tomcat Security Team on 27 December 2015 and made public on 27 October 2016.

Affects: 7.0.0 to 7.0.70

Low: Security Manager Bypass CVE-2016-5018

A malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

This was fixed in revisions 1754902 and 1760309.

This issue was discovered by Alvaro Munoz and Alexander Mirosh of the HP Enterprise Security Team and reported to the Apache Tomcat Security Team on 5 July 2016. It was made public on 27 October 2016.

Affects: 7.0.0 to 7.0.70

Low: Timing Attack CVE-2016-0762

The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

This was fixed in revision 1758502.

This issue was identified by the Apache Tomcat Security Team on 1 January 2016 and made public on 27 October 2016.

Affects: 7.0.0 to 7.0.70

CPENameOperatorVersion
apache tomcatge7.0.0
apache tomcatle7.0.70

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.6%

Related for TOMCAT:937E284FF802C2D5A6E9C8A59AB6C822