Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-6797

Опубликовано: 10 авг. 2017
Источник: debian
EPSS Низкий

Описание

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
tomcat8fixed8.0.37-1package
tomcat7fixed7.0.72-1package
tomcat6fixed6.0.41-3package

Примечания

  • Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie

  • http://markmail.org/message/wrku5orwxfpt5mzl?q=list:org.apache.tomcat.announce/

  • Fixed by: http://svn.apache.org/r1757273 (8.0.x)

  • Fixed by: http://svn.apache.org/r1757275 (7.0.x)

  • Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1757285 (6.0.x)

EPSS

Процентиль: 66%
0.00524
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-6797

CVSS3: 7.5
ubuntu
почти 8 лет назад

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

redhat логотип

CVE-2016-6797

CVSS3: 3.7
redhat
больше 8 лет назад

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

nvd логотип

CVE-2016-6797

CVSS3: 7.5
nvd
почти 8 лет назад

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

github логотип

GHSA-q6x7-f33r-3wxx

CVSS3: 7.5
github
около 3 лет назад

Incorrect Authorization in Apache Tomcat

oracle-oval логотип

ELSA-2017-2247

oracle-oval
почти 8 лет назад

ELSA-2017-2247: tomcat security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 66%
0.00524
Низкий