PT-2016-7115 · Apache+5 · Apache Tomcat+5

Published: 2016-09-05 · Updated: 2023-12-08 · CVE-2016-6796

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 9.0.0.M1 through 9.0.0.M9
Apache Tomcat versions 8.5.0 through 8.5.4
Apache Tomcat versions 8.0.0.RC1 through 8.0.36
Apache Tomcat versions 7.0.0 through 7.0.70
Apache Tomcat versions 6.0.0 through 6.0.45

Description

A malicious web application was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Recommendations

For each affected version range (Apache Tomcat 9.0.0.M1 through 9.0.0.M9, 8.5.0 through 8.5.4, 8.0.0.RC1 through 8.0.36, 7.0.0 through 7.0.70, and 6.0.0 through 6.0.45), update the configuration parameters for the JSP Servlet to prevent manipulation.

Fix


Related identifiers

ALT-PU-2017-2558
CESA-2017_2247
CVE-2016-6796
DLA-728-1
DLA-729-1
DSA-3720-1
DSA-3721-1
GHSA-3MJP-P938-4329
MGASA-2016-0367
OPENSUSE-SU-2016_3129-1
OPENSUSE-SU-2016_3144-1
RHSA-2017:0455
RHSA-2017:0456
RHSA-2017:1548
RHSA-2017:1549
RHSA-2017:1550
RHSA-2017:1552
RHSA-2017:2247
RHSA-2017_2247
SUSE-SU-2016:3079-1
SUSE-SU-2016:3081-1
SUSE-SU-2017:1632-1
SUSE-SU-2017:1660-1
USN-3177-1
USN-3177-2
USN-4557-1

Affected products

Alt Linux
Apache Tomcat
CentOS
Red Hat
SUSE
Ubuntu