Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-5018
HistoryOct 28, 2016 - 12:00 a.m.

CVE-2016-5018

2016-10-2800:00:00
ubuntu.com
ubuntu.com
18

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

54.8%

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36,
7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to
bypass a configured SecurityManager via a Tomcat utility method that was
accessible to web applications.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchtomcat6< 6.0.35-1ubuntu3.9UNKNOWN
ubuntu14.04noarchtomcat6< anyUNKNOWN
ubuntu14.04noarchtomcat7< 7.0.52-1ubuntu0.8UNKNOWN
ubuntu16.04noarchtomcat7< 7.0.68-1ubuntu0.3UNKNOWN
ubuntu16.04noarchtomcat8< 8.0.32-1ubuntu1.3UNKNOWN

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

54.8%