8.8

CVE-2016-0714

EPSS 10.32%
Veröffentlicht 25.02.2016 01:59:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 53

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version6.0.0

Apache ≫ Tomcat Version6.0.0 Updatealpha

Apache ≫ Tomcat Version6.0.1

Apache ≫ Tomcat Version6.0.1 Updatealpha

Apache ≫ Tomcat Version6.0.2

Apache ≫ Tomcat Version6.0.2 Updatealpha

Apache ≫ Tomcat Version6.0.2 Updatebeta

Apache ≫ Tomcat Version6.0.4

Apache ≫ Tomcat Version6.0.4 Updatealpha

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.16

Apache ≫ Tomcat Version6.0.18

Apache ≫ Tomcat Version6.0.20

Apache ≫ Tomcat Version6.0.24

Apache ≫ Tomcat Version6.0.26

Apache ≫ Tomcat Version6.0.28

Apache ≫ Tomcat Version6.0.29

Apache ≫ Tomcat Version6.0.30

Apache ≫ Tomcat Version6.0.32

Apache ≫ Tomcat Version6.0.33

Apache ≫ Tomcat Version6.0.35

Apache ≫ Tomcat Version6.0.36

Apache ≫ Tomcat Version6.0.37

Apache ≫ Tomcat Version6.0.39

Apache ≫ Tomcat Version6.0.41

Apache ≫ Tomcat Version6.0.43

Apache ≫ Tomcat Version6.0.44

Apache ≫ Tomcat Version7.0.0 Updatebeta

Apache ≫ Tomcat Version7.0.2 Updatebeta

Apache ≫ Tomcat Version7.0.4 Updatebeta

Apache ≫ Tomcat Version7.0.5 Updatebeta

Apache ≫ Tomcat Version7.0.6

Apache ≫ Tomcat Version7.0.10

Apache ≫ Tomcat Version7.0.11

Apache ≫ Tomcat Version7.0.12

Apache ≫ Tomcat Version7.0.14

Apache ≫ Tomcat Version7.0.16

Apache ≫ Tomcat Version7.0.19

Apache ≫ Tomcat Version7.0.20

Apache ≫ Tomcat Version7.0.21

Apache ≫ Tomcat Version7.0.22

Apache ≫ Tomcat Version7.0.23

Apache ≫ Tomcat Version7.0.25

Apache ≫ Tomcat Version7.0.26

Apache ≫ Tomcat Version7.0.27

Apache ≫ Tomcat Version7.0.28

Apache ≫ Tomcat Version7.0.29

Apache ≫ Tomcat Version7.0.30

Apache ≫ Tomcat Version7.0.32

Apache ≫ Tomcat Version7.0.33

Apache ≫ Tomcat Version7.0.34

Apache ≫ Tomcat Version7.0.35

Apache ≫ Tomcat Version7.0.37

Apache ≫ Tomcat Version7.0.39

Apache ≫ Tomcat Version7.0.40

Apache ≫ Tomcat Version7.0.41

Apache ≫ Tomcat Version7.0.42

Apache ≫ Tomcat Version7.0.47

Apache ≫ Tomcat Version7.0.50

Apache ≫ Tomcat Version7.0.52

Apache ≫ Tomcat Version7.0.53

Apache ≫ Tomcat Version7.0.54

Apache ≫ Tomcat Version7.0.55

Apache ≫ Tomcat Version7.0.56

Apache ≫ Tomcat Version7.0.57

Apache ≫ Tomcat Version7.0.59

Apache ≫ Tomcat Version7.0.61

Apache ≫ Tomcat Version7.0.62

Apache ≫ Tomcat Version7.0.63

Apache ≫ Tomcat Version7.0.64

Apache ≫ Tomcat Version7.0.65

Apache ≫ Tomcat Version7.0.67

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.0 Updaterc10

Apache ≫ Tomcat Version8.0.0 Updaterc3

Apache ≫ Tomcat Version8.0.0 Updaterc5

Apache ≫ Tomcat Version8.0.1

Apache ≫ Tomcat Version8.0.3

Apache ≫ Tomcat Version8.0.11

Apache ≫ Tomcat Version8.0.12

Apache ≫ Tomcat Version8.0.14

Apache ≫ Tomcat Version8.0.15

Apache ≫ Tomcat Version8.0.17

Apache ≫ Tomcat Version8.0.18

Apache ≫ Tomcat Version8.0.20

Apache ≫ Tomcat Version8.0.21

Apache ≫ Tomcat Version8.0.22

Apache ≫ Tomcat Version8.0.23

Apache ≫ Tomcat Version8.0.24

Apache ≫ Tomcat Version8.0.26

Apache ≫ Tomcat Version8.0.27

Apache ≫ Tomcat Version8.0.28

Apache ≫ Tomcat Version8.0.29

Apache ≫ Tomcat Version8.0.30

Apache ≫ Tomcat Version9.0.0 Updatemilestone1

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version15.10

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.32%	0.929

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://tomcat.apache.org/security-6.html

Vendor Advisory

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://tomcat.apache.org/security-8.html

Vendor Advisory

http://www.debian.org/security/2016/dsa-3530

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

http://www.debian.org/security/2016/dsa-3552

http://rhn.redhat.com/errata/RHSA-2016-1089.html

http://marc.info/?l=bugtraq&m=145974991225029&w=2

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

http://rhn.redhat.com/errata/RHSA-2016-2045.html

http://rhn.redhat.com/errata/RHSA-2016-2599.html

http://www.debian.org/security/2016/dsa-3609

http://www.ubuntu.com/usn/USN-3024-1

https://bto.bluecoat.com/security-advisory/sa118

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

https://security.gentoo.org/glsa/201705-09

https://security.netapp.com/advisory/ntap-20180531-0001/

http://tomcat.apache.org/security-9.html

Vendor Advisory

https://access.redhat.com/errata/RHSA-2016:1087

https://access.redhat.com/errata/RHSA-2016:1088

http://rhn.redhat.com/errata/RHSA-2016-2807.html

http://rhn.redhat.com/errata/RHSA-2016-2808.html

http://www.securitytracker.com/id/1035069

http://seclists.org/bugtraq/2016/Feb/145

http://svn.apache.org/viewvc?view=revision&revision=1725263

http://svn.apache.org/viewvc?view=revision&revision=1725914

http://svn.apache.org/viewvc?view=revision&revision=1726196

http://svn.apache.org/viewvc?view=revision&revision=1726203

http://svn.apache.org/viewvc?view=revision&revision=1726923

http://svn.apache.org/viewvc?view=revision&revision=1727034

http://svn.apache.org/viewvc?view=revision&revision=1727166

http://svn.apache.org/viewvc?view=revision&revision=1727182

http://www.securityfocus.com/bid/83327

http://www.securitytracker.com/id/1037640

https://nvd.nist.gov/vuln/detail/CVE-2016-0714

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-0714

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-0714

EUVD