8.8
CVE-2016-0714
- EPSS 13.08%
- Veröffentlicht 25.02.2016 01:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.08% | 0.959 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://tomcat.apache.org/security-6.html
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://tomcat.apache.org/security-7.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2016/dsa-3530
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
http://www.debian.org/security/2016/dsa-3552
http://rhn.redhat.com/errata/RHSA-2016-1089.html
http://marc.info/?l=bugtraq&m=145974991225029&w=2
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
http://rhn.redhat.com/errata/RHSA-2016-2045.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://www.debian.org/security/2016/dsa-3609
http://www.ubuntu.com/usn/USN-3024-1
https://bto.bluecoat.com/security-advisory/sa118
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20180531-0001/
http://tomcat.apache.org/security-9.html
https://access.redhat.com/errata/RHSA-2016:1087
https://access.redhat.com/errata/RHSA-2016:1088
http://rhn.redhat.com/errata/RHSA-2016-2807.html
http://rhn.redhat.com/errata/RHSA-2016-2808.html
http://www.securitytracker.com/id/1035069
http://seclists.org/bugtraq/2016/Feb/145
http://svn.apache.org/viewvc?view=revision&revision=1725263
http://svn.apache.org/viewvc?view=revision&revision=1725914
http://svn.apache.org/viewvc?view=revision&revision=1726196
http://svn.apache.org/viewvc?view=revision&revision=1726203
http://svn.apache.org/viewvc?view=revision&revision=1726923
http://svn.apache.org/viewvc?view=revision&revision=1727034
http://svn.apache.org/viewvc?view=revision&revision=1727166
http://svn.apache.org/viewvc?view=revision&revision=1727182
http://www.securityfocus.com/bid/83327
http://www.securitytracker.com/id/1037640