Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6794

Опубликовано: 27 окт. 2016
Источник: redhat
CVSS3: 3.1
CVSS2: 2.6
EPSS Низкий

Описание

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5tomcat5Will not fix
Red Hat Enterprise Linux 6tomcat6Will not fix
Red Hat JBoss BRMS 5jbosswebOut of support scope
Red Hat JBoss Data Grid 6jbosswebOut of support scope
Red Hat JBoss Data Virtualization 6jbosswebOut of support scope
Red Hat JBoss Enterprise Application Platform 5jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 6jbosswebNot affected
Red Hat JBoss Enterprise Web Server 2tomcat6Will not fix
Red Hat JBoss Enterprise Web Server 2tomcat7Will not fix
Red Hat JBoss Enterprise Web Server 3tomcat7Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1390520tomcat: system property disclosure

EPSS

Процентиль: 58%
0.00368
Низкий

3.1 Low

CVSS3

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-6794

CVSS3: 5.3
ubuntu
почти 8 лет назад

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

nvd логотип

CVE-2016-6794

CVSS3: 5.3
nvd
почти 8 лет назад

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

debian логотип

CVE-2016-6794

CVSS3: 5.3
debian
почти 8 лет назад

When a SecurityManager is configured, a web application's ability to r ...

github логотип

GHSA-2rvf-329f-p99g

CVSS3: 5.3
github
около 3 лет назад

System Property Disclosure in Apache Tomcat

oracle-oval логотип

ELSA-2017-2247

oracle-oval
почти 8 лет назад

ELSA-2017-2247: tomcat security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 58%
0.00368
Низкий

3.1 Low

CVSS3

2.6 Low

CVSS2