CVE-2016-6794 vulnerability in Apache and Other Products
Published on August 10, 2017
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
Products Associated with CVE-2016-6794
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2016-6794 are published in these products:
Affected Versions
Apache Software Foundation Apache Tomcat:- Version 9.0.0.M1 to 9.0.0.M9 is affected.
- Version 8.5.0 to 8.5.4 is affected.
- Version 8.0.0.RC1 to 8.0.36 is affected.
- Version 7.0.0 to 7.0.70 is affected.
- Version 6.0.0 to 6.0.45 is affected.
Exploit Probability
EPSS
0.49%
Percentile
64.80%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.