vulnerability
Red Hat: CVE-2016-0706: Moderate: tomcat security, bug fix, and enhancement update ((Multiple Advisories))
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | 2016-02-24 | 2016-10-21 | 2018-01-17 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
2016-02-24
Added
2016-10-21
Modified
2018-01-17
Description
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
Solution(s)
redhat-upgrade-tomcatredhat-upgrade-tomcat-admin-webappsredhat-upgrade-tomcat-docs-webappredhat-upgrade-tomcat-el-2-2-apiredhat-upgrade-tomcat-javadocredhat-upgrade-tomcat-jsp-2-2-apiredhat-upgrade-tomcat-jsvcredhat-upgrade-tomcat-libredhat-upgrade-tomcat-servlet-3-0-apiredhat-upgrade-tomcat-webappsredhat-upgrade-tomcat6redhat-upgrade-tomcat6-admin-webappsredhat-upgrade-tomcat6-docs-webappredhat-upgrade-tomcat6-el-2-1-apiredhat-upgrade-tomcat6-javadocredhat-upgrade-tomcat6-jsp-2-1-apiredhat-upgrade-tomcat6-libredhat-upgrade-tomcat6-servlet-2-5-apiredhat-upgrade-tomcat6-webapps
References
- SUSE-SUSE-SU-2016:0769
- SUSE-SUSE-SU-2016:0822
- SUSE-SUSE-SU-2016:0839
- REDHAT-RHSA-2016:1087
- REDHAT-RHSA-2016:1088
- REDHAT-RHSA-2016:1089
- REDHAT-RHSA-2016:2045
- REDHAT-RHSA-2016:2599
- REDHAT-RHSA-2016:2807
- REDHAT-RHSA-2016:2808
- DEBIAN-DLA-435-1
- DEBIAN-DSA-3530
- DEBIAN-DSA-3552
- DEBIAN-DSA-3609
- BID-83324
- SECTRACK-1035069
- UBUNTU-USN-3024-1
- GENTOO-GLSA-201705-09
- NVD-CVE-2016-0706
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.