CVE-2016-6796 in Tomcatinfo

Summary

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

ID	Vulnerability	CWE	Exp	Cou	CVE
93206	Apache Tomcat Configuration 7pk security	254	Not defined	Official fix	CVE-2016-6796

Reservation

08/12/2016

Disclosure

08/10/2017

Status

Confirmed

Entries

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6796
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6796
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6796/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!