Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-6796
HistoryOct 28, 2016 - 12:00 a.m.

CVE-2016-6796

2016-10-2800:00:00
ubuntu.com
ubuntu.com
11

0.001 Low

EPSS

Percentile

47.0%

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9,
8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45
was able to bypass a configured SecurityManager via manipulation of the
configuration parameters for the JSP Servlet.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchtomcat6< 6.0.35-1ubuntu3.9UNKNOWN
ubuntu14.04noarchtomcat6< anyUNKNOWN
ubuntu16.04noarchtomcat6< 6.0.45+dfsg-1ubuntu0.1UNKNOWN
ubuntu14.04noarchtomcat7< 7.0.52-1ubuntu0.8UNKNOWN
ubuntu16.04noarchtomcat7< 7.0.68-1ubuntu0.3UNKNOWN
ubuntu16.04noarchtomcat8< 8.0.32-1ubuntu1.3UNKNOWN