CVE-2016-0714 in Oracle Communicationsinfo

Summary

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Reservation

12/16/2015

Disclosure

02/23/2016

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
121571Oracle Communications Policy Management access control264Not definedOfficial fixCVE-2016-0714
108066Oracle Management Pack for GoldenGate Apache Tomcat access control264Not definedOfficial fixCVE-2016-0714
99969Oracle WebCenter Sites Apache Tomcat access control264Not definedOfficial fixCVE-2016-0714
95706Oracle MySQL Enterprise Monitor Monitoring access control264Not definedOfficial fixCVE-2016-0714
92986Oracle Virtual Desktop Infrastructure Apache Tomcat access control264Not definedOfficial fixCVE-2016-0714
92968Oracle Transportation Management Install access control264Not definedOfficial fixCVE-2016-0714
81080Apache Tomcat Session Persistence access control264UnprovenOfficial fixCVE-2016-0714

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!