CVE-2016-0706

MEDIUM

Apache Tomcat <6.0.45-9.0.0.M2 - Auth Bypass

Title source: llm

Description

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

References (45)

[Patch] http://svn.apache.org/viewvc?view=revision&revision=1722800

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-1089.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2045.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2599.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2807.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2808.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

[Third Party Advisory] http://marc.info/?l=bugtraq&m=145974991225029&w=2

[Mailing List] http://seclists.org/bugtraq/2016/Feb/144

[Issue Tracking] http://svn.apache.org/viewvc?view=revision&revision=1722799

[Issue Tracking] http://svn.apache.org/viewvc?view=revision&revision=1722801

[Issue Tracking] http://svn.apache.org/viewvc?view=revision&revision=1722802

[Vendor Advisory] http://tomcat.apache.org/security-6.html

[Vendor Advisory] http://tomcat.apache.org/security-7.html

[Vendor Advisory] http://tomcat.apache.org/security-8.html

[Vendor Advisory] http://tomcat.apache.org/security-9.html

[Mailing List, Third Party Advisory] http://www.debian.org/security/2016/dsa-3530

... and 25 more

Scores

CVSS v3 4.3

EPSS 0.0154

EPSS Percentile 81.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (50)

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

debian/debian_linux

debian/debian_linux

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

apache/tomcat

... and 35 more

Timeline

Published Feb 25, 2016

Tracked Since Feb 18, 2026