CVE-2016-0714

HIGH LAB

Apache Tomcat <6.0.45-9.0.0.M2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0714. PoCs published by dannyEndorTest.

AI-analyzed exploit summary: This repository demonstrates a vulnerable Java web application targeting CVE-2016-0714 (Tomcat session persistence RCE) and CVE-2013-1814 (Apache Rave info disclosure). It includes a Dockerized environment with vulnerable dependencies (Tomcat 8.0.30, Apache Rave 0.15, etc.) and misconfigurations to exploit these vulnerabilities.

Description

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Exploits (1)

nomisec WORKING POC
by dannyEndorTest · poc
https://github.com/dannyEndorTest/java-vulnerable

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Apache Tomcat 8.0.30, Apache Rave 0.15
Auth required
Prerequisites: Docker environment · Vulnerable Tomcat and Rave versions · Misconfigured session persistence
devstral-2 · analyzed May 21, 2026

References (50)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201705-09
Mailing List mailing-list x_refsource_bugtraq
http://seclists.org/bugtraq/2016/Feb/145
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-9.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3024-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2045.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3530
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-7.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=145974991225029&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037640
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1089.html
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-8.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1087
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035069
Various Sources x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa118
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2807.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:1088
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180531-0001/
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2808.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/83327
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2599.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3609
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3552

Scores

CVSS v3 8.8
EPSS 0.0709
EPSS Percentile 91.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Lab Environment

Community Lab
docker pull eclipse-temurin:11-jdk-alpine

Details

CWE: CWE-264
Status: published
Products (45)
apache/tomcat 6.0.0 (2 CPE variants)
apache/tomcat 6.0.1 (2 CPE variants)
apache/tomcat 6.0.2 (3 CPE variants)
apache/tomcat 6.0.4 (2 CPE variants)
apache/tomcat 6.0.10
apache/tomcat 6.0.11
apache/tomcat 6.0.13
apache/tomcat 6.0.14
apache/tomcat 6.0.16
apache/tomcat 6.0.18
... and 35 more
Published Feb 25, 2016
Tracked Since Feb 18, 2026