CVE-2016-0714

Description

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

References

https://security.netapp.com/advisory/ntap-20180531-0001/

https://security.gentoo.org/glsa/201705-09

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

https://bto.bluecoat.com/security-advisory/sa118

https://access.redhat.com/errata/RHSA-2016:1088

https://access.redhat.com/errata/RHSA-2016:1087

http://www.ubuntu.com/usn/USN-3024-1

http://www.securitytracker.com/id/1037640

http://www.securitytracker.com/id/1035069

http://www.securityfocus.com/bid/83327

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.debian.org/security/2016/dsa-3609

http://www.debian.org/security/2016/dsa-3552

http://www.debian.org/security/2016/dsa-3530

http://tomcat.apache.org/security-9.html

http://tomcat.apache.org/security-8.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-6.html

http://svn.apache.org/viewvc?view=revision&revision=1727182

http://svn.apache.org/viewvc?view=revision&revision=1727166

http://svn.apache.org/viewvc?view=revision&revision=1727034

http://svn.apache.org/viewvc?view=revision&revision=1726923

http://svn.apache.org/viewvc?view=revision&revision=1726203

http://svn.apache.org/viewvc?view=revision&revision=1726196

http://svn.apache.org/viewvc?view=revision&revision=1725914

http://svn.apache.org/viewvc?view=revision&revision=1725263

http://seclists.org/bugtraq/2016/Feb/145

http://rhn.redhat.com/errata/RHSA-2016-2808.html

http://rhn.redhat.com/errata/RHSA-2016-2807.html

http://rhn.redhat.com/errata/RHSA-2016-2599.html

http://rhn.redhat.com/errata/RHSA-2016-2045.html

http://rhn.redhat.com/errata/RHSA-2016-1089.html

http://marc.info/?l=bugtraq&m=145974991225029&w=2

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3