Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-0714

Опубликовано: 25 фев. 2016
Источник: ubuntu
Приоритет: medium
CVSS2: 6.5
CVSS3: 8.8

Описание

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

esm-apps/xenial

released

6.0.45+dfsg-1
esm-infra-legacy/trusty

not-affected

6.0.39-1ubuntu0.1
precise

released

6.0.35-1ubuntu3.7
precise/esm

not-affected

6.0.35-1ubuntu3.7
trusty

released

6.0.39-1ubuntu0.1
trusty/esm

not-affected

6.0.39-1ubuntu0.1
upstream

released

6.0.45

Показывать по

РелизСтатусПримечание
artful

not-affected

7.0.68-1
bionic

not-affected

7.0.68-1
devel

not-affected

7.0.68-1
esm-apps/bionic

not-affected

7.0.68-1
esm-apps/xenial

not-affected

7.0.68-1
esm-infra-legacy/trusty

not-affected

7.0.52-1ubuntu0.6
precise

ignored

end of life
precise/esm

DNE

precise was needed
trusty

released

7.0.52-1ubuntu0.6
trusty/esm

not-affected

7.0.52-1ubuntu0.6

Показывать по

РелизСтатусПримечание
artful

not-affected

8.0.32-1ubuntu1
bionic

not-affected

8.0.32-1ubuntu1
devel

not-affected

8.0.32-1ubuntu1
esm-apps/bionic

not-affected

8.0.32-1ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

8.0.32-1ubuntu1
precise

DNE

precise/esm

DNE

trusty

DNE

trusty/esm

DNE

Показывать по

Ссылки на источники

6.5 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-0714

CVSS3: 8.8
redhat
больше 9 лет назад

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

nvd логотип

CVE-2016-0714

CVSS3: 8.8
nvd
больше 9 лет назад

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

debian логотип

CVE-2016-0714

CVSS3: 8.8
debian
больше 9 лет назад

The session-persistence implementation in Apache Tomcat 6.x before 6.0 ...

github логотип

GHSA-mv42-px54-87jw

CVSS3: 8.8
github
около 3 лет назад

Improper Access Control in Apache Tomcat

fstec логотип

BDU:2016-00615

fstec
больше 9 лет назад

Уязвимость сервера приложений Apache Tomcat, позволяющая нарушителю выполнить произвольный код в привилегированном контексте

6.5 Medium

CVSS2

8.8 High

CVSS3