CVE-2016-6797

Published: 27 Oct 2016
Source: redhat
CVSS3: 3.7
CVSS2: 2.6
EPSS Low

Description

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tomcat5 | Will not fix | | |
| Red Hat Enterprise Linux 6 | tomcat6 | Will not fix | | |
| Red Hat JBoss BRMS 5 | jbossweb | Out of support scope | | |
| Red Hat JBoss Data Grid 6 | jbossweb | Out of support scope | | |
| Red Hat JBoss Data Virtualization 6 | jbossweb | Out of support scope | | |
| Red Hat JBoss Enterprise Application Platform 5 | jbossweb | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Not affected | | |
| Red Hat JBoss Enterprise Web Server 2 | tomcat6 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 2 | tomcat7 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 3 | tomcat7 | Fix deferred | | |

Additional information

Status:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1390493 tomcat: unrestricted access to global resources

EPSS

Percentile: 66%
0.00524
Low

3.7 Low

CVSS3

2.6 Low

CVSS2

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 8 years ago

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

CVSS3: 7.5
nvd
almost 8 years ago

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

CVSS3: 7.5
debian
almost 8 years ago

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9. ...

CVSS3: 7.5
github
about 3 years ago

Incorrect Authorization in Apache Tomcat

oracle-oval
almost 8 years ago

ELSA-2017-2247: tomcat security, bug fix, and enhancement update (LOW)
