CVE-2016-6797
Description
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
Risk Information
Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.557
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Vulnerabilities CVE-2016-6794,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat 7.0.72 | Windows |
| Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat 8.0.37 | Windows |
| Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat 8.5.5 | Windows |
| Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat 9.0.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2 | Windows |
| tomcat8 security update(DSA-3720-1) tomcat8_8.0.14-1+deb8u4_all.deb | Linux |
| tomcat7 security update(DSA-3721-1) tomcat7_7.0.56-3+deb8u5_all.deb | Linux |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Servlet and JSP engine (USN-4557-1) libservlet2.5-java_6.0.45+dfsg-1ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2016-6794,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat for Linux 7.0.72 | Linux |
| Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat for Linux 8.0.37 | Linux |
| Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat for Linux 8.5.5 | Linux |
| Vulnerabilities CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-0762 are fixed in Apache - tomcat for Linux 9.0.0 | Linux |
| Incorrect Authorization Vulnerability (CVE-2016-6797) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234