Back to search
CVE-2016-0706
Published: Feb 25, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://svn.apache.org/viewvc?view=revision&revision=1722800
x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
GLSA-201705-09
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2016:0865
vendor-advisory
x_refsource_SUSE
http://tomcat.apache.org/security-9.html
x_refsource_CONFIRM
USN-3024-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2016:0769
vendor-advisory
x_refsource_SUSE
RHSA-2016:2045
vendor-advisory
x_refsource_REDHAT
DSA-3530
vendor-advisory
x_refsource_DEBIAN
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
HPSBUX03561
vendor-advisory
x_refsource_HP
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1722802
x_refsource_CONFIRM
RHSA-2016:1089
vendor-advisory
x_refsource_REDHAT
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
RHSA-2016:1087
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
1035069
vdb-entry
x_refsource_SECTRACK
https://bto.bluecoat.com/security-advisory/sa118
x_refsource_CONFIRM
RHSA-2016:2807
vendor-advisory
x_refsource_REDHAT
RHSA-2016:1088
vendor-advisory
x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180531-0001/
x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
RHSA-2016:2808
vendor-advisory
x_refsource_REDHAT
SUSE-SU-2016:0822
vendor-advisory
x_refsource_SUSE
83324
vdb-entry
x_refsource_BID
RHSA-2016:2599
vendor-advisory
x_refsource_REDHAT
DSA-3609
vendor-advisory
x_refsource_DEBIAN
SUSE-SU-2016:0839
vendor-advisory
x_refsource_SUSE
20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass
mailing-list
x_refsource_BUGTRAQ
http://svn.apache.org/viewvc?view=revision&revision=1722799
x_refsource_CONFIRM
DSA-3552
vendor-advisory
x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1722801
x_refsource_CONFIRM
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now