CVE-2016-6794
Published: Aug 10, 2017
Modified: Sep 17, 2024
Description
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Tomcat | affected 9.0.0.M1 to 9.0.0.M9affected 8.5.0 to 8.5.4affected 8.0.0.RC1 to 8.0.36affected 7.0.0 to 7.0.70affected 6.0.0 to 6.0.45 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now