Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-5018

Опубликовано: 10 авг. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.4
CVSS3: 9.1

Описание

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/xenial

not-affected

6.0.45+dfsg-1
esm-infra-legacy/trusty

needed

esm-infra/focal

DNE

focal

DNE

Показывать по

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

cosmic

not-affected

devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

not-affected

esm-apps/xenial

released

7.0.68-1ubuntu0.3
esm-infra-legacy/trusty

not-affected

7.0.52-1ubuntu0.8
esm-infra/focal

DNE

Показывать по

РелизСтатусПримечание
artful

not-affected

8.0.38-2
bionic

not-affected

8.0.38-2
cosmic

not-affected

8.0.38-2
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

not-affected

8.0.38-2
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

8.0.32-1ubuntu1.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 75%
0.00914
Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-5018

CVSS3: 4.2
redhat
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

nvd логотип

CVE-2016-5018

CVSS3: 9.1
nvd
почти 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

debian логотип

CVE-2016-5018

CVSS3: 9.1
debian
почти 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8. ...

github логотип

GHSA-4v3g-g84w-hv7r

CVSS3: 9.1
github
около 3 лет назад

Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat

oracle-oval логотип

ELSA-2017-2247

oracle-oval
почти 8 лет назад

ELSA-2017-2247: tomcat security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 75%
0.00914
Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3