Back to search
CVE-2016-0714
Published: Feb 25, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
x_refsource_CONFIRM
GLSA-201705-09
vendor-advisory
x_refsource_GENTOO
http://svn.apache.org/viewvc?view=revision&revision=1726196
x_refsource_CONFIRM
20160222 [SECURITY] CVE-2016-0714 Apache Tomcat Security Manager Bypass
mailing-list
x_refsource_BUGTRAQ
openSUSE-SU-2016:0865
vendor-advisory
x_refsource_SUSE
http://tomcat.apache.org/security-9.html
x_refsource_CONFIRM
USN-3024-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2016:0769
vendor-advisory
x_refsource_SUSE
RHSA-2016:2045
vendor-advisory
x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1725263
x_refsource_CONFIRM
DSA-3530
vendor-advisory
x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1726923
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1727166
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1727034
x_refsource_CONFIRM
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1725914
x_refsource_CONFIRM
HPSBUX03561
vendor-advisory
x_refsource_HP
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
1037640
vdb-entry
x_refsource_SECTRACK
RHSA-2016:1089
vendor-advisory
x_refsource_REDHAT
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
RHSA-2016:1087
vendor-advisory
x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_refsource_CONFIRM
1035069
vdb-entry
x_refsource_SECTRACK
https://bto.bluecoat.com/security-advisory/sa118
x_refsource_CONFIRM
RHSA-2016:2807
vendor-advisory
x_refsource_REDHAT
RHSA-2016:1088
vendor-advisory
x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180531-0001/
x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
RHSA-2016:2808
vendor-advisory
x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1726203
x_refsource_CONFIRM
SUSE-SU-2016:0822
vendor-advisory
x_refsource_SUSE
http://svn.apache.org/viewvc?view=revision&revision=1727182
x_refsource_CONFIRM
83327
vdb-entry
x_refsource_BID
RHSA-2016:2599
vendor-advisory
x_refsource_REDHAT
DSA-3609
vendor-advisory
x_refsource_DEBIAN
SUSE-SU-2016:0839
vendor-advisory
x_refsource_SUSE
DSA-3552
vendor-advisory
x_refsource_DEBIAN
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now