Vulnerability CVE-2016-6797


Published: 2017-08-10

Description:
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Type:

CWE-284

(Improper Access Control)

Vendor: Apache
Product: Tomcat 
Version:
9.0.0
8.5.4
8.5.3
8.5.2
8.5.1
8.5.0
8.0.9
8.0.8
8.0.7
8.0.6
8.0.5
8.0.4
8.0.36
8.0.35
8.0.34
8.0.33
8.0.32
8.0.31
8.0.30
8.0.3
8.0.29
8.0.28
8.0.27
8.0.26
8.0.25
8.0.24
8.0.23
8.0.22
8.0.21
8.0.20
8.0.2
8.0.19
8.0.18
8.0.17
8.0.16
8.0.15
8.0.14
8.0.13
8.0.12
8.0.11
8.0.10
8.0.1
8.0.0
8.0
7.0.9
7.0.8
7.0.70
7.0.7
7.0.69
7.0.68
7.0.67
7.0.66
7.0.65
7.0.64
7.0.63
7.0.62
7.0.61
7.0.60
7.0.6
7.0.59
7.0.58
7.0.57
7.0.56
7.0.55
7.0.54
7.0.53
7.0.52
7.0.50
7.0.5
7.0.49
7.0.48
7.0.47
7.0.46
7.0.45
7.0.44
7.0.43
7.0.42
7.0.41
7.0.40
7.0.4
7.0.39
7.0.38
7.0.37
7.0.36
7.0.35
7.0.34
7.0.33
7.0.32
7.0.31
7.0.30
7.0.3
7.0.29
7.0.28
7.0.27
7.0.26
7.0.25
7.0.24
7.0.23
7.0.22
7.0.21
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://www.debian.org/security/2016/dsa-3720
http://www.securityfocus.com/bid/93940
http://www.securitytracker.com/id/1037145
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:2247
https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E
https://security.netapp.com/advisory/ntap-20180605-0001/

Related CVE
CVE-2018-8006
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the...
CVE-2018-14889
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.
CVE-2018-8017
In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
CVE-2018-11762
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that...
CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.
CVE-2018-11787
In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access...
CVE-2018-8041
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVE-2018-11781
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

Copyright 2018, cxsecurity.com

 

Back to Top