CVE-2016-5018 vulnerability in Apache and Other Products
Published on August 10, 2017

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2016-5018

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2016-5018 are published in these products:

Apache Tomcat

NetApp Oncommand Insight

NetApp Oncommand Shift

NetApp Snap Creator Framework

Canonical Ubuntu Linux

Debian Linux

Red Hat Jboss Enterprise Application Platform

Red Hat Jboss Enterprise Web Server

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Eus

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Workstation

Oracle Tekelec Platform Distribution

Affected Versions

Apache Software Foundation Apache Tomcat:

Version 9.0.0.M1 to 9.0.0.M9 is affected.
Version 8.5.0 to 8.5.4 is affected.
Version 8.0.0.RC1 to 8.0.36 is affected.
Version 7.0.0 to 7.0.70 is affected.
Version 6.0.0 to 6.0.45 is affected.

Exploit Probability

EPSS

1.31%

Percentile

79.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-5018 vulnerability in Apache and Other ProductsPublished on August 10, 2017

Products Associated with CVE-2016-5018

Affected Versions

Exploit Probability

CVE-2016-5018 vulnerability in Apache and Other Products
Published on August 10, 2017