CVE-2016-6816
Description
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but interpreted them differently, to inject data into the HTTP response. By manipulating the HTTP response, the attacker could poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score
Exploitation Probability
2.781
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate 9.0.0 | Windows |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate 8.5.8 | Windows |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate 8.0.39 | Windows |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate 7.0.73 | Windows |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate 6.0.48 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2 | Windows |
| tomcat7 security update(DSA-3738-1) tomcat7_7.0.56-3+deb8u6_all.deb | Linux |
| tomcat8 security update(DSA-3739-1) tomcat8_8.0.14-1+deb8u5_all.deb | Linux |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Servlet and JSP engine (USN-4557-1) libservlet2.5-java_6.0.45+dfsg-1ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate for Linux 9.0.0 | Linux |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate for Linux 8.5.8 | Linux |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate for Linux 8.0.39 | Linux |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate for Linux 7.0.73 | Linux |
| Vulnerabilities CVE-2016-6816 are fixed in Apache-tomcat-coyate for Linux 6.0.48 | Linux |
| Improper Input Validation Vulnerability (CVE-2016-6816) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234