CVE-2016-6816 in Tomcat

Summary

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response, the attacker could poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.

Reservation

08/12/2016

Disclosure

03/20/2017

Status

Confirmed
