CVE-2016-6797 vulnerability in Apache and Other Products
Published on August 10, 2017
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
Products Associated with CVE-2016-6797
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2016-6797 are published in these products:
Affected Versions
Apache Software Foundation Apache Tomcat:- Version 9.0.0.M1 to 9.0.0.M9 is affected.
- Version 8.5.0 to 8.5.4 is affected.
- Version 8.0.0.RC1 to 8.0.36 is affected.
- Version 7.0.0 to 7.0.70 is affected.
- Version 6.0.0 to 6.0.45 is affected.
Exploit Probability
EPSS
0.56%
Percentile
67.73%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.