CVE-2016-6796 vulnerability in Apache and Other Products
Published on August 11, 2017

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2016-6796

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2016-6796 are published in these products:

Apache Tomcat

Debian Linux

NetApp Oncommand Insight

NetApp Oncommand Shift

NetApp Snap Creator Framework

Canonical Ubuntu Linux

Oracle Tekelec Platform Distribution

Red Hat Jboss Enterprise Application Platform

Red Hat Jboss Enterprise Web Server

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Eus

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Tus

Red Hat Enterprise Linux Workstation

Affected Versions

Apache Software Foundation Apache Tomcat:

Version 9.0.0.M1 to 9.0.0.M9 is affected.
Version 8.5.0 to 8.5.4 is affected.
Version 8.0.0.RC1 to 8.0.36 is affected.
Version 7.0.0 to 7.0.70 is affected.
Version 6.0.0 to 6.0.45 is affected.

Exploit Probability

EPSS

0.75%

Percentile

72.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-6796 vulnerability in Apache and Other ProductsPublished on August 11, 2017

Products Associated with CVE-2016-6796

Affected Versions

Exploit Probability

CVE-2016-6796 vulnerability in Apache and Other Products
Published on August 11, 2017