CVE-2016-6816

HIGH

Apache Tomcat < 9.0.0.M12 - Improper Input Validation

Title source: rule

Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Exploits (1)

exploitdb WORKING POC

by justpentest · textremotemultiple

https://www.exploit-db.com/exploits/41783

View Code ZIP pw:eip

References (36)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0244.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0245.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0246.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0247.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0457.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0527.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2017-0250.html

[Third Party Advisory] http://www.debian.org/security/2016/dsa-3738

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94461

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037332

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:0455

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:0456

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2017:0935

[Release Notes, Vendor Advisory] https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48

[Release Notes, Vendor Advisory] https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73

[Release Notes, Vendor Advisory] https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39

[Release Notes, Vendor Advisory] https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8

[Release Notes, Vendor Advisory] https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13

[Vendor Advisory] https://usn.ubuntu.com/4557-1/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/41783/

... and 16 more

Scores

CVSS v3 7.1

EPSS 0.0292

EPSS Percentile 86.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Details

CWE

CWE-20

Status published

Products (50)

apache/tomcat 6.0.0

apache/tomcat 6.0.1

apache/tomcat 6.0.2

apache/tomcat 6.0.3

apache/tomcat 6.0.4

apache/tomcat 6.0.5

apache/tomcat 6.0.6

apache/tomcat 6.0.7

apache/tomcat 6.0.8

apache/tomcat 6.0.9

... and 40 more

Published Mar 20, 2017

Tracked Since Feb 18, 2026