CVE-2016-0714 Information

Description

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45 7.x before 7.0.68 8.x before 8.0.31 and 9.x before 9.0.0.M2 mishandles session attributes which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html http://marc.info/?l=bugtraq&m=145974991225029&w=2 http://rhn.redhat.com/errata/RHSA-2016-1089.html http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016-2599.html http://rhn.redhat.com/errata/RHSA-2016-2807.html http://rhn.redhat.com/errata/RHSA-2016-2808.html http://seclists.org/bugtraq/2016/Feb/145 http://svn.apache.org/viewvc?view=revision&revision=1725263 http://svn.apache.org/viewvc?view=revision&revision=1725914 http://svn.apache.org/viewvc?view=revision&revision=1726196 http://svn.apache.org/viewvc?view=revision&revision=1726203 http://svn.apache.org/viewvc?view=revision&revision=1726923 http://svn.apache.org/viewvc?view=revision&revision=1727034 http://svn.apache.org/viewvc?view=revision&revision=1727166 http://svn.apache.org/viewvc?view=revision&revision=1727182 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org/security-9.html http://www.debian.org/security/2016/dsa-3530 http://www.debian.org/security/2016/dsa-3552 http://www.debian.org/security/2016/dsa-3609 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/83327 http://www.securitytracker.com/id/1035069 http://www.securitytracker.com/id/1037640 http://www.ubuntu.com/usn/USN-3024-1 https://access.redhat.com/errata/RHSA-2016:1087 https://access.redhat.com/errata/RHSA-2016:1088 https://bto.bluecoat.com/security-advisory/sa118 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626 https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@3Cdev.tomcat.apache.org3E https://security.gentoo.org/glsa/201705-09 https://security.netapp.com/advisory/ntap-20180531-0001/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8