9.1

CVE-2016-5018

Exploit

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Data is provided by the National Vulnerability Database (NVD)
ApacheTomcat Version >= 6.0.0 <= 6.0.45
ApacheTomcat Version >= 7.0.0 <= 7.0.70
ApacheTomcat Version >= 8.0 <= 8.0.36
ApacheTomcat Version >= 8.5.0 <= 8.5.4
ApacheTomcat Version9.0.0 Updatemilestone1
ApacheTomcat Version9.0.0 Updatemilestone2
ApacheTomcat Version9.0.0 Updatemilestone3
ApacheTomcat Version9.0.0 Updatemilestone4
ApacheTomcat Version9.0.0 Updatemilestone5
ApacheTomcat Version9.0.0 Updatemilestone6
ApacheTomcat Version9.0.0 Updatemilestone7
ApacheTomcat Version9.0.0 Updatemilestone8
ApacheTomcat Version9.0.0 Updatemilestone9
NetappOncommand Insight Version-
NetappOncommand Shift Version-
CanonicalUbuntu Linux Version16.04 SwEditionesm
DebianDebian Linux Version8.0
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
OracleTekelec Platform Distribution Version >= 7.4.0 <= 7.7.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.91% 0.748
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:P/A:N
https://usn.ubuntu.com/4557-1/
Third Party Advisory