Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability



Apache Tomcat is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

Apache Tomcat 9.0.0.M1 through 9.0.0.M9, 8.5.0 through 8.5.4, 8.0.0.RC1 through 8.0.36, 7.0.0 through 7.0.70 and 6.0.0 through 6.0.45 are vulnerable.

Information

Bugtraq ID: 93943
Class: Configuration Error
CVE: CVE-2016-6794

Remote: Yes
Local: No
Published: Oct 27 2016 12:00AM
Updated: Apr 23 2017 02:04AM
Credit: Apache Tomcat Security Team.
Vulnerable: Oracle Secure Global Desktop 5.3
Oracle Secure Global Desktop 5.2
Oracle Secure Global Desktop 4.71
F5 ARX 6.4
F5 ARX 6.3
F5 ARX 6.2
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apache Tomcat 8.5.4
Apache Tomcat 8.0.36
Apache Tomcat 8.0.35
Apache Tomcat 8.0.34
Apache Tomcat 8.0.33
Apache Tomcat 8.0.30
Apache Tomcat 8.0.27
Apache Tomcat 8.0.17
Apache Tomcat 8.0.15
Apache Tomcat 8.0.8
Apache Tomcat 8.0.5
Apache Tomcat 8.0.3
Apache Tomcat 8.0.1
Apache Tomcat 7.0.70
Apache Tomcat 7.0.69
Apache Tomcat 7.0.67
Apache Tomcat 7.0.65
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.54
Apache Tomcat 7.0.53
Apache Tomcat 7.0.50
Apache Tomcat 7.0.33
Apache Tomcat 7.0.32
Apache Tomcat 7.0.31
Apache Tomcat 7.0.30
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.24
Apache Tomcat 7.0.23
Apache Tomcat 7.0.16
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.9
Apache Tomcat 7.0.8
Apache Tomcat 7.0.7
Apache Tomcat 7.0.6
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0
Apache Tomcat 6.0.44
Apache Tomcat 6.0.43
Apache Tomcat 6.0.41
Apache Tomcat 6.0.37
Apache Tomcat 6.0.36
Apache Tomcat 6.0.35
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0
Apache Tomcat 9.0.0M8
Apache Tomcat 9.0.0M6
Apache Tomcat 9.0.0.M9
Apache Tomcat 9.0.0.M5
Apache Tomcat 9.0.0.M4
Apache Tomcat 9.0.0.M3
Apache Tomcat 9.0.0.M2
Apache Tomcat 9.0.0.M1
Apache Tomcat 8.5.3
Apache Tomcat 8.5.2
Apache Tomcat 8.5.0
Apache Tomcat 8.0.9
Apache Tomcat 8.0.32
Apache Tomcat 8.0.0 Rc1
Apache Tomcat 7.0.68
Apache Tomcat 7.0.55
Apache Tomcat 7.0.5
Apache Tomcat 7.0.49
Apache Tomcat 7.0.48
Apache Tomcat 7.0.47
Apache Tomcat 7.0.46
Apache Tomcat 7.0.45
Apache Tomcat 7.0.44
Apache Tomcat 7.0.43
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.39
Apache Tomcat 7.0.38
Apache Tomcat 7.0.37
Apache Tomcat 7.0.36
Apache Tomcat 7.0.35
Apache Tomcat 7.0.34
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 6.0.45
Apache Tomcat 6.0.42
Apache Tomcat 6.0.39
Apache Tomcat 6.0.33
Apache Tomcat 6.0.32
Apache Tomcat 6.0.31
Apache Tomcat 6.0.30
Apache Tomcat 6.0.29
Apache Tomcat 6.0.19


Not Vulnerable: Apache Tomcat 8.5.5
Apache Tomcat 8.0.37
Apache Tomcat 7.0.72
Apache Tomcat 9.0.0.M10



Related Posts

Comments