Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-6796

Опубликовано: 11 авг. 2017
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-apps/xenial

released

6.0.45+dfsg-1ubuntu0.1
esm-infra-legacy/trusty

needed

esm-infra/focal

DNE

focal

DNE

Показывать по

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

cosmic

not-affected

devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

not-affected

esm-apps/xenial

released

7.0.68-1ubuntu0.3
esm-infra-legacy/trusty

not-affected

7.0.52-1ubuntu0.8
esm-infra/focal

DNE

Показывать по

РелизСтатусПримечание
artful

not-affected

8.0.38-2
bionic

not-affected

8.0.38-2
cosmic

not-affected

8.0.38-2
devel

DNE

disco

DNE

eoan

DNE

esm-apps/bionic

not-affected

8.0.38-2
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

8.0.32-1ubuntu1.3

Показывать по

Ссылки на источники

EPSS

Процентиль: 73%
0.00793
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-6796

CVSS3: 4.2
redhat
больше 8 лет назад

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

nvd логотип

CVE-2016-6796

CVSS3: 7.5
nvd
почти 8 лет назад

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

debian логотип

CVE-2016-6796

CVSS3: 7.5
debian
почти 8 лет назад

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0 ...

github логотип

GHSA-3mjp-p938-4329

CVSS3: 7.5
github
около 3 лет назад

Apache Tomcat vulnerable to SecurityManager bypass

oracle-oval логотип

ELSA-2017-2247

oracle-oval
почти 8 лет назад

ELSA-2017-2247: tomcat security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 73%
0.00793
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Уязвимость CVE-2016-6796