CVE-2016-0714

Severity

65%

Complexity

80%

Confidentiality

106%

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

CVSS 3.0 Base Score 8.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 8 years ago

2016-02-25 01:59:00

Last updated 5 years ago

2019-04-15 16:30:00

Affected Software

Apache Software Foundation Tomcat 6.0.0

6.0.0

Apache Software Foundation Tomcat 6.0.0 alpha

6.0.0

Apache Software Foundation Tomcat 6.0.1

6.0.1

Apache Software Foundation Tomcat 6.0.1 alpha

6.0.1

Apache Software Foundation Tomcat 6.0.2

6.0.2

Apache Software Foundation Tomcat 6.0.2 alpha

6.0.2

Apache Software Foundation Tomcat 6.0.2 beta

6.0.2

Apache Software Foundation Tomcat 6.0.4

6.0.4

Apache Software Foundation Tomcat 6.0.4 alpha

6.0.4

Apache Software Foundation Tomcat 6.0.10

6.0.10

Apache Software Foundation Tomcat 6.0.11

6.0.11

Apache Software Foundation Tomcat 6.0.13

6.0.13

Apache Software Foundation Tomcat 6.0.14

6.0.14

Apache Software Foundation Tomcat 6.0.16

6.0.16

Apache Software Foundation Tomcat 6.0.18

6.0.18

Apache Software Foundation Tomcat 6.0.20

6.0.20

Apache Software Foundation Tomcat 6.0.24

6.0.24

Apache Software Foundation Tomcat 6.0.26

6.0.26

Apache Software Foundation Tomcat 6.0.28

6.0.28

Apache Software Foundation Tomcat 6.0.29

6.0.29

Apache Software Foundation Tomcat 6.0.30

6.0.30

Apache Software Foundation Tomcat 6.0.32

6.0.32

Apache Software Foundation Tomcat 6.0.33

6.0.33

Apache Software Foundation Tomcat 6.0.35

6.0.35

Apache Software Foundation Tomcat 6.0.36

6.0.36

Apache Software Foundation Tomcat 6.0.37

6.0.37

Apache Software Foundation Tomcat 6.0.41

6.0.41

Apache Software Foundation Tomcat 6.0.43

6.0.43

Apache Tomcat 6.0.44

6.0.44

Apache Software Foundation Tomcat 7.0.0 beta

7.0.0

Apache Software Foundation Tomcat 7.0.2 beta

7.0.2

Apache Software Foundation Tomcat 7.0.4 beta

7.0.4

Apache Tomcat 7.0.5 Beta

7.0.5

Apache Software Foundation Tomcat 7.0.6

7.0.6

Apache Software Foundation Tomcat 7.0.10

7.0.10

Apache Software Foundation Tomcat 7.0.11

7.0.11

Apache Software Foundation Tomcat 7.0.12

7.0.12

Apache Software Foundation Tomcat 7.0.14

7.0.14

Apache Software Foundation Tomcat 7.0.16

7.0.16

Apache Software Foundation Tomcat 7.0.19

7.0.19

Apache Software Foundation Tomcat 7.0.20

7.0.20

Apache Software Foundation Tomcat 7.0.21

7.0.21

Apache Software Foundation Tomcat 7.0.22

7.0.22

Apache Software Foundation Tomcat 7.0.23

7.0.23

Apache Software Foundation Tomcat 7.0.25

7.0.25

Apache Software Foundation Tomcat 7.0.26

7.0.26

Apache Software Foundation Tomcat 7.0.27

7.0.27

Apache Software Foundation Tomcat 7.0.28

7.0.28

Apache Software Foundation Tomcat 7.0.29

7.0.29

Apache Software Foundation Tomcat 7.0.30

7.0.30

Apache Software Foundation Tomcat 7.0.32

7.0.32

Apache Software Foundation Tomcat 7.0.33

7.0.33

Apache Software Foundation Tomcat 7.0.34

7.0.34

Apache Software Foundation Tomcat 7.0.35

7.0.35

Apache Software Foundation Tomcat 7.0.37

7.0.37

Apache Software Foundation Tomcat 7.0.39

7.0.39

Apache Software Foundation Tomcat 7.0.40

7.0.40

Apache Software Foundation Tomcat 7.0.41

7.0.41

Apache Software Foundation Tomcat 7.0.42

7.0.42

Apache Software Foundation Tomcat 7.0.47

7.0.47

Apache Software Foundation Tomcat 7.0.50

7.0.50

Apache Software Foundation Tomcat 7.0.52

7.0.52

Apache Software Foundation Tomcat 7.0.53

7.0.53

Apache Software Foundation Tomcat 7.0.54

7.0.54

Apache Software Foundation Tomcat 7.0.55

7.0.55

Apache Software Foundation Tomcat 7.0.56

7.0.56

Apache Software Foundation Tomcat 7.0.57

7.0.57

Apache Tomcat 7.0.59

7.0.59

Apache Tomcat 7.0.61

7.0.61

Apache Tomcat 7.0.62

7.0.62

Apache Tomcat 7.0.63

7.0.63

Apache Tomcat 7.0.64

7.0.64

Apache Software Foundation Tomcat 7.0.65

7.0.65

Apache Software Foundation Tomcat 7.0.67

7.0.67

Apache Software Foundation Tomcat 8.0.0 Release Candidate 1

8.0.0

Apache Software Foundation Tomcat 8.0.0 release candidate 10

8.0.0

Apache Software Foundation Tomcat 8.0.0 Release Candidate 3

8.0.0

Apache Software Foundation Tomcat 8.0.0 release candidate 5

8.0.0

Apache Software Foundation Tomcat 8.0.1

8.0.1

Apache Software Foundation Tomcat 8.0.3

8.0.3

Apache Software Foundation Tomcat 8.0.11

8.0.11

Apache Software Foundation Tomcat 8.0.12

8.0.12

Apache Software Foundation Tomcat 8.0.14

8.0.14

Apache Software Foundation Tomcat 8.0.15

8.0.15

Apache Tomcat 8.0.17

8.0.17

Apache Tomcat 8.0.18

8.0.18

Apache Tomcat 8.0.20

8.0.20

Apache Tomcat 8.0.21

8.0.21

Apache Tomcat 8.0.22

8.0.22

Apache Tomcat 8.0.23

8.0.23

Apache Tomcat 8.0.24

8.0.24

Apache Tomcat 8.0.26

8.0.26

Apache Software Foundation Tomcat 8.0.27

8.0.27

Apache Software Foundation Tomcat 8.0.28

8.0.28

Apache Software Foundation Tomcat 8.0.29

8.0.29

Apache Software Foundation Tomcat 8.0.30

8.0.30

Apache Software Foundation Tomcat 9.0.0 M1

9.0.0

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.10

15.10

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

References

SUSE-SU-2016:0769

SUSE-SU-2016:0822

SUSE-SU-2016:0839

openSUSE-SU-2016:0865

HPSBUX03561

RHSA-2016:1089

RHSA-2016:2045

RHSA-2016:2599

RHSA-2016:2807

RHSA-2016:2808

20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass

http://svn.apache.org/viewvc?view=revision&revision=1725263

http://svn.apache.org/viewvc?view=revision&revision=1725914

http://svn.apache.org/viewvc?view=revision&revision=1726196

http://svn.apache.org/viewvc?view=revision&revision=1726203

http://svn.apache.org/viewvc?view=revision&revision=1726923

http://svn.apache.org/viewvc?view=revision&revision=1727034

http://svn.apache.org/viewvc?view=revision&revision=1727166

http://svn.apache.org/viewvc?view=revision&revision=1727182

http://tomcat.apache.org/security-6.html

Vendor Advisory

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://tomcat.apache.org/security-8.html

Vendor Advisory

http://tomcat.apache.org/security-9.html

Vendor Advisory

DSA-3530

DSA-3552

DSA-3609

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

83327

1035069

1037640

USN-3024-1

RHSA-2016:1087

RHSA-2016:1088

https://bto.bluecoat.com/security-advisory/sa118

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/

GLSA-201705-09

https://security.netapp.com/advisory/ntap-20180531-0001/

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.