Home

CVE-2016-6796

Description

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.822

Associated Vulnerability

VulnerabilityOS Platform
Update Tomcat to 9.5.14Windows
Update Tomcat to 9.5.5Windows
Update Tomcat to 9.5.7Windows
Update Tomcat to 9.5.8Windows
Update Tomcat to 9.6.10Windows
Update Tomcat to 9.6.3Windows
Update Tomcat to 9.6.4Windows
Update Tomcat to 9.6.7Windows
Update Tomcat to 9.6.8Windows
Update Tomcat to 2.4.5Windows
Update Tomcat to 3.0.14Windows
Vulnerabilities CVE-2016-0714,CVE-2016-6796,CVE-2016-0762 are fixed in Apache - tomcat 6.0.46Windows
Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat 8.0.37Windows
Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat 8.5.5Windows
Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat 9.0.0Windows
Vulnerabilities CVE-2016-6796 are fixed in Apache - tomcat 7.0.71Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2Windows
Servlet and JSP engine (USN-3081-1) tomcat8_8.0.32-1ubuntu1.3_all.debLinux
Servlet and JSP engine (USN-3081-1) libtomcat8-java_8.0.32-1ubuntu1.3_all.debLinux
Servlet and JSP engine (USN-3177-1) tomcat6_6.0.35-1ubuntu3.9_all.debLinux
Servlet and JSP engine (USN-3177-1) tomcat7_7.0.52-1ubuntu0.8_all.debLinux
Servlet and JSP engine (USN-3177-1) tomcat8_8.0.32-1ubuntu1.3_all.debLinux
Servlet and JSP engine (USN-3177-1) tomcat8_8.0.37-1ubuntu0.1_all.debLinux
Servlet and JSP engine (USN-3177-1) libtomcat6-java_6.0.35-1ubuntu3.9_all.debLinux
Servlet and JSP engine (USN-3177-1) libtomcat7-java_7.0.52-1ubuntu0.8_all.debLinux
Servlet and JSP engine (USN-3177-1) libtomcat8-java_8.0.32-1ubuntu1.3_all.debLinux
tomcat8 security update(DSA-3720-1) tomcat8_8.0.14-1+deb8u4_all.debLinux
tomcat7 security update(DSA-3721-1) tomcat7_7.0.56-3+deb8u5_all.debLinux
Update Tomcat to 9.5.14 (For Linux)Linux
Update Tomcat to 9.5.5 (For Linux)Linux
Update Tomcat to 9.5.7 (For Linux)Linux
Update Tomcat to 9.5.8 (For Linux)Linux
Update Tomcat to 9.6.10 (For Linux)Linux
Update Tomcat to 9.6.3 (For Linux)Linux
Update Tomcat to 9.6.4 (For Linux)Linux
Update Tomcat to 9.6.7 (For Linux)Linux
Update Tomcat to 9.6.8 (For Linux)Linux
Update Tomcat to 2.4.5 (For Linux)Linux
Update Tomcat to 3.0.14 (For Linux)Linux
Servlet and JSP engine (USN-4557-1) libservlet2.5-java_6.0.45+dfsg-1ubuntu0.1_all.debLinux
Vulnerabilities CVE-2016-0714,CVE-2016-6796,CVE-2016-0762 are fixed in Apache - tomcat for Linux 6.0.46Linux
Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat for Linux 8.0.37Linux
Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat for Linux 8.5.5Linux
Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat for Linux 9.0.0Linux
Vulnerabilities CVE-2016-6796 are fixed in Apache - tomcat for Linux 7.0.71Linux
CVE-2016-6796NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234