CVE-2016-6816

HIGH

Apache Tomcat 6.0.0-6.0.47, 7.0.0-7.0.72, 8.0.0.RC1-8.0.38, 8.5.0-8.5.6, 9.0.0.M1-9.0.0.M11 - HTTP Response Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6816. PoCs published by justpentest.

AI-analyzed exploit summary: This exploit demonstrates a security bypass vulnerability in Apache Tomcat by injecting invalid characters into HTTP requests, potentially leading to cache poisoning, XSS, or information disclosure. The PoC provides specific HTTP GET requests that manipulate the response.

Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
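
A strict request-line check of the kind a front-end proxy or a log review can apply so that both hops reject the same input. This is an added example, not Tomcat's patch or code from this page; it follows the request-line grammar in RFC 7230 and the origin-form character set from RFC 3986, and the function names and sample lines are hypothetical.

```python
import re

# RFC 7230 sec. 3.2.6: the method must be a "token".
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
VERSION = re.compile(r"HTTP/\d\.\d")
# Characters RFC 3986 allows in an origin-form target (path and query):
# unreserved, sub-delims, ":", "@", "/", "?", plus "%" for percent-encoding.
TARGET_OK = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    "-._~!$&'()*+,;=:@/?%"
)
BAD_PCT = re.compile(r"%(?![0-9A-Fa-f]{2})")


def check_request_line(line: bytes) -> list:
    """Return the grammar violations in one raw request line (CRLF removed)."""
    parts = line.decode("latin-1").split(" ")
    if len(parts) != 3:
        return [f"expected 3 single-space-separated fields, got {len(parts)}"]
    method, target, version = parts
    problems = []
    if not TOKEN.fullmatch(method):
        problems.append("method is not a token")
    if not target:
        problems.append("empty request-target")
    bad = sorted({c for c in target if c not in TARGET_OK})
    if bad:
        problems.append("invalid characters in request-target: "
                        + " ".join(repr(c) for c in bad))
    if BAD_PCT.search(target):
        problems.append("malformed percent-encoding")
    if not VERSION.fullmatch(version):
        problems.append("malformed HTTP-version")
    return problems


# Constructed sample request lines, not taken from the page or the PoC.
SAMPLES = [
    b"GET /index.jsp?id=1&lang=en HTTP/1.1",
    b"GET /search?q={a|b} HTTP/1.1",
    b"GET /a b HTTP/1.1",
    b"GET /x%zz HTTP/1.1",
]


def scan(lines):
    """Map each rejected line to its violations; compliant lines are omitted."""
    return {l: p for l in lines if (p := check_request_line(l))}


if __name__ == "__main__":
    for line, problems in scan(SAMPLES).items():
        print(line, "->", "; ".join(problems))
```

Absolute-form targets that carry an IPv6 literal need `[` and `]` added to the allowed set; the check above covers origin-form only.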

Exploits (1)

exploitdb WORKING POC
by justpentest · text · remote · multiple
https://www.exploit-db.com/exploits/41783

Classification: Working Poc 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72, 6.0.0 through 6.0.47
No auth needed
Prerequisites: Access to the target Apache Tomcat server · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026

References (36)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94461
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3738
Release Notes, Vendor Advisory x_refsource_confirm
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0244.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0935
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180607-0001/
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0457.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0246.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037332
Release Notes, Vendor Advisory x_refsource_confirm
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8
Release Notes, Vendor Advisory x_refsource_confirm
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0455
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0527.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0245.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0456
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0247.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4557-1/
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0250.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41783/
Release Notes, Vendor Advisory x_refsource_confirm
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39
Release Notes, Vendor Advisory x_refsource_confirm
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13

Scores

CVSS v3: 7.1
EPSS: 0.0326
EPSS Percentile: 87.5%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-20
Status: published
Products (50)
apache/tomcat 6.0.0
apache/tomcat 6.0.1
apache/tomcat 6.0.2
apache/tomcat 6.0.3
apache/tomcat 6.0.4
apache/tomcat 6.0.5
apache/tomcat 6.0.6
apache/tomcat 6.0.7
apache/tomcat 6.0.8
apache/tomcat 6.0.9
... and 40 more
Published: Mar 20, 2017
Tracked Since: Feb 18, 2026