vulnerability

HP-UX: CVE-2016-0706: HPE HP-UX running Apache Tomcat 7, Multiple Remote Vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	2016-02-24	2017-08-11	2018-01-08

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

2016-02-24

Added

2017-08-11

Modified

2018-01-08

Description

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

Solution(s)

hpux-update-hpuxws22tomcat-hpuxws22tomcat-tomcathpux-update-hpuxws22tomcat-tomcathpux-update-hpuxws22tomcat-tomcat2

References

BID-83324
CVE-2016-0706
https://attackerkb.com/topics/CVE-2016-0706
DEBIAN-DSA-3530
DEBIAN-DSA-3552
DEBIAN-DSA-3609
REDHAT-RHSA-2016:1087
REDHAT-RHSA-2016:1088
REDHAT-RHSA-2016:1089
REDHAT-RHSA-2016:2045
REDHAT-RHSA-2016:2599
REDHAT-RHSA-2016:2807
REDHAT-RHSA-2016:2808

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today