Improper Access Control in Apache Tomcat

GHSA-mv42-px54-87jw · CVE-2016-0714

Published May 14, 2022 · Modified Mar 10, 2024

Description

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-0714
WEB https://github.com/apache/tomcat/commit/50f1b1da794cd93b70ab5456d3c2c984408e1506
WEB https://github.com/apache/tomcat/commit/79e8ad03404c131009811855f9a30d8d01c0c736
WEB https://github.com/apache/tomcat/commit/824eb1d1ad922e7652ecf51adb2b9eebb5bb88b5
WEB https://github.com/apache/tomcat/commit/e1b1002129fea4033329f6f619ba219527bbbd40
WEB https://github.com/apache/tomcat/commit/f626da75fd59da82b14dee7b8cc46ad51eefdbe5
WEB https://github.com/apache/tomcat/commit/ff1b659dc366a2ad47cd8f7e3544c796a1b15e46
WEB https://github.com/apache/tomcat80/commit/2e5cc28052e84ba45196949ba602484221bbf33c
WEB https://github.com/apache/tomcat80/commit/5430f30c79383e4d2d87785468905fcb00bace58
WEB https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
WEB https://security.gentoo.org/glsa/201705-09
WEB https://security.netapp.com/advisory/ntap-20180531-0001
WEB https://web.archive.org/web/20170204045529/http://www.securityfocus.com/bid/83327
WEB https://web.archive.org/web/20170601064840/http://www.securitytracker.com/id/1035069
WEB https://web.archive.org/web/20170927131230/http://www.securitytracker.com/id/1037640
WEB https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
WEB https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
PACKAGE https://github.com/apache/tomcat
WEB https://bto.bluecoat.com/security-advisory/sa118
WEB https://access.redhat.com/errata/RHSA-2016:1088
WEB https://access.redhat.com/errata/RHSA-2016:1087
WEB http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
WEB http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
WEB http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html
WEB http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
WEB http://marc.info/?l=bugtraq&m=145974991225029&w=2
WEB http://rhn.redhat.com/errata/RHSA-2016-1089.html
WEB http://rhn.redhat.com/errata/RHSA-2016-2045.html
WEB http://rhn.redhat.com/errata/RHSA-2016-2599.html
WEB http://rhn.redhat.com/errata/RHSA-2016-2807.html
WEB http://rhn.redhat.com/errata/RHSA-2016-2808.html
WEB http://seclists.org/bugtraq/2016/Feb/145
WEB http://svn.apache.org/viewvc?view=revision&revision=1725263
WEB http://svn.apache.org/viewvc?view=revision&revision=1725914
WEB http://svn.apache.org/viewvc?view=revision&revision=1726196
WEB http://svn.apache.org/viewvc?view=revision&revision=1726203
WEB http://svn.apache.org/viewvc?view=revision&revision=1726923
WEB http://svn.apache.org/viewvc?view=revision&revision=1727034
WEB http://svn.apache.org/viewvc?view=revision&revision=1727166
WEB http://svn.apache.org/viewvc?view=revision&revision=1727182
WEB http://tomcat.apache.org/security-6.html
WEB http://tomcat.apache.org/security-7.html
WEB http://tomcat.apache.org/security-8.html
WEB http://tomcat.apache.org/security-9.html
WEB http://www.debian.org/security/2016/dsa-3530
WEB http://www.debian.org/security/2016/dsa-3552
WEB http://www.debian.org/security/2016/dsa-3609
WEB http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
WEB http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
WEB http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
WEB http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
WEB http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
WEB http://www.ubuntu.com/usn/USN-3024-1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes