CVE-2016-6816 Information

Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 8.5.0 to 8.5.6 8.0.0.RC1 to 8.0.38 7.0.0 to 7.0.72 and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited in conjunction with a proxy that also permitted the invalid characters but with a different interpretation to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache perform an XSS attack and/or obtain sensitive information from requests other then their own.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Reference

http://rhn.redhat.com/errata/RHSA-2017-0244.html http://rhn.redhat.com/errata/RHSA-2017-0245.html http://rhn.redhat.com/errata/RHSA-2017-0246.html http://rhn.redhat.com/errata/RHSA-2017-0247.html http://rhn.redhat.com/errata/RHSA-2017-0250.html http://rhn.redhat.com/errata/RHSA-2017-0457.html http://rhn.redhat.com/errata/RHSA-2017-0527.html http://www.debian.org/security/2016/dsa-3738 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/94461 http://www.securitytracker.com/id/1037332 https://access.redhat.com/errata/RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0456 https://access.redhat.com/errata/RHSA-2017:0935 https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@3Cdev.tomcat.apache.org3E https://security.netapp.com/advisory/ntap-20180607-0001/ https://tomcat.apache.org/security-6.htmlFixed_in_Apache_Tomcat_6.0.48 https://tomcat.apache.org/security-7.htmlFixed_in_Apache_Tomcat_7.0.73 https://tomcat.apache.org/security-8.htmlFixed_in_Apache_Tomcat_8.0.39 https://tomcat.apache.org/security-8.htmlFixed_in_Apache_Tomcat_8.5.8 https://tomcat.apache.org/security-9.htmlFixed_in_Apache_Tomcat_9.0.0.M13 https://usn.ubuntu.com/4557-1/ https://www.exploit-db.com/exploits/41783/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.1