CVE-2016-6794 in Tomcat

Summary

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, and 6.0.0 to 6.0.45, the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

Reservation: 08/12/2016

Disclosure: 08/10/2017

Entries: 1

CPE: ready

CVSS: 5.3

EPSS: 0.00264

Activities: Very Low
