CVE-2016-6816 in Tomcat
Summary (English)
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
Reserved
2016. 08. 12.
Published
2017. 03. 20.
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 93797 | Apache Tomcat HTTP Split privilege escalation | 20 | Proof-of-Concept | Official Fix | CVE-2016-6816 |