CVE-2016-0714
Description
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.009
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat 9.0.0 | Windows |
| Vulnerabilities CVE-2016-0763,CVE-2016-0714 are fixed in Apache - tomcat 8.0.32 | Windows |
| Vulnerabilities CVE-2016-0714 are fixed in Apache - tomcat 7.0.70 | Windows |
| Vulnerabilities CVE-2016-0714,CVE-2016-6796,CVE-2016-0762 are fixed in Apache - tomcat 6.0.46 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2 | Windows |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Vulnerabilities CVE-2015-5346,CVE-2015-5351,CVE-2016-0714,CVE-2016-0706,CVE-2015-5345 are fixed in Apache - tomcat for Linux 9.0.0 | Linux |
| Vulnerabilities CVE-2016-0763,CVE-2016-0714 are fixed in Apache - tomcat for Linux 8.0.32 | Linux |
| Vulnerabilities CVE-2016-0714 are fixed in Apache - tomcat for Linux 7.0.70 | Linux |
| Vulnerabilities CVE-2016-0714,CVE-2016-6796,CVE-2016-0762 are fixed in Apache - tomcat for Linux 6.0.46 | Linux |
| CVE-2016-0714 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234