CVE-2016-0714

Published: Feb 25, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Affected (104)

Products: Apache: Tomcat · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

Configuration A

98 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 6.0.0
Apache Tomcat	Version 6.0.0 alpha
Apache Tomcat	Version 6.0.10
Apache Tomcat	Version 6.0.11
Apache Tomcat	Version 6.0.13
Apache Tomcat	Version 6.0.14
Apache Tomcat	Version 6.0.16
Apache Tomcat	Version 6.0.18
Apache Tomcat	Version 6.0.1
Apache Tomcat	Version 6.0.1 alpha
Apache Tomcat	Version 6.0.20
Apache Tomcat	Version 6.0.24
Apache Tomcat	Version 6.0.26
Apache Tomcat	Version 6.0.28
Apache Tomcat	Version 6.0.29
Apache Tomcat	Version 6.0.2
Apache Tomcat	Version 6.0.2 alpha
Apache Tomcat	Version 6.0.2 beta
Apache Tomcat	Version 6.0.30
Apache Tomcat	Version 6.0.32
Apache Tomcat	Version 6.0.33
Apache Tomcat	Version 6.0.35
Apache Tomcat	Version 6.0.36
Apache Tomcat	Version 6.0.37
Apache Tomcat	Version 6.0.39
Apache Tomcat	Version 6.0.41
Apache Tomcat	Version 6.0.43
Apache Tomcat	Version 6.0.44
Apache Tomcat	Version 6.0.4
Apache Tomcat	Version 6.0.4 alpha
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.10
Apache Tomcat	Version 7.0.11
Apache Tomcat	Version 7.0.12
Apache Tomcat	Version 7.0.14
Apache Tomcat	Version 7.0.16
Apache Tomcat	Version 7.0.19
Apache Tomcat	Version 7.0.20
Apache Tomcat	Version 7.0.21
Apache Tomcat	Version 7.0.22
Apache Tomcat	Version 7.0.23
Apache Tomcat	Version 7.0.25
Apache Tomcat	Version 7.0.26
Apache Tomcat	Version 7.0.27
Apache Tomcat	Version 7.0.28
Apache Tomcat	Version 7.0.29
Apache Tomcat	Version 7.0.2 beta
Apache Tomcat	Version 7.0.30
Apache Tomcat	Version 7.0.32
Apache Tomcat	Version 7.0.33
Apache Tomcat	Version 7.0.34
Apache Tomcat	Version 7.0.35
Apache Tomcat	Version 7.0.37
Apache Tomcat	Version 7.0.39
Apache Tomcat	Version 7.0.40
Apache Tomcat	Version 7.0.41
Apache Tomcat	Version 7.0.42
Apache Tomcat	Version 7.0.47
Apache Tomcat	Version 7.0.4 beta
Apache Tomcat	Version 7.0.50
Apache Tomcat	Version 7.0.52
Apache Tomcat	Version 7.0.53
Apache Tomcat	Version 7.0.54
Apache Tomcat	Version 7.0.55
Apache Tomcat	Version 7.0.56
Apache Tomcat	Version 7.0.57
Apache Tomcat	Version 7.0.59
Apache Tomcat	Version 7.0.5 beta
Apache Tomcat	Version 7.0.61
Apache Tomcat	Version 7.0.62
Apache Tomcat	Version 7.0.63
Apache Tomcat	Version 7.0.64
Apache Tomcat	Version 7.0.65
Apache Tomcat	Version 7.0.67
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 8.0.0 rc10
Apache Tomcat	Version 8.0.0 rc1
Apache Tomcat	Version 8.0.0 rc3
Apache Tomcat	Version 8.0.0 rc5
Apache Tomcat	Version 8.0.11
Apache Tomcat	Version 8.0.12
Apache Tomcat	Version 8.0.14
Apache Tomcat	Version 8.0.15
Apache Tomcat	Version 8.0.17
Apache Tomcat	Version 8.0.18
Apache Tomcat	Version 8.0.1
Apache Tomcat	Version 8.0.20
Apache Tomcat	Version 8.0.21
Apache Tomcat	Version 8.0.22
Apache Tomcat	Version 8.0.23
Apache Tomcat	Version 8.0.24
Apache Tomcat	Version 8.0.26
Apache Tomcat	Version 8.0.27
Apache Tomcat	Version 8.0.28
Apache Tomcat	Version 8.0.29
Apache Tomcat	Version 8.0.30
Apache Tomcat	Version 8.0.3
Apache Tomcat	Version 9.0.0 milestone1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Related CWEs

CWE-264

References (100)

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=145974991225029&w=2

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-1089.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2045.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2599.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2807.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-2808.html

Source: secalert@redhat.com

http://seclists.org/bugtraq/2016/Feb/145

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1725263

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1725914

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1726196

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1726203

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1726923

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1727034

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1727166

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1727182

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-8.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-9.html

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2016/dsa-3530

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3552

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3609

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/83327

Source: secalert@redhat.com

http://www.securitytracker.com/id/1035069

Source: secalert@redhat.com

http://www.securitytracker.com/id/1037640

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-3024-1

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2016:1087

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2016:1088

Source: secalert@redhat.com

https://bto.bluecoat.com/security-advisory/sa118

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626

Source: secalert@redhat.com

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201705-09

Source: secalert@redhat.com

https://security.netapp.com/advisory/ntap-20180531-0001/

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html