Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability



Apache Tomcat is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.

The following versions are affected :

Apache Tomcat 9.0.0.M1 through 9.0.0.M9
Apache Tomcat 8.5.0 through 8.5.4
Apache Tomcat 8.0.0.RC1 through 8.0.36
Apache Tomcat 7.0.0 through 7.0.70
Apache Tomcat 6.0.0 through 6.0.45

Information

Bugtraq ID: 93942
Class: Design Error
CVE: CVE-2016-5018

Remote: Yes
Local: No
Published: Oct 27 2016 12:00AM
Updated: Apr 23 2017 12:05AM
Credit: Alvaro Munoz of the HP Enterprise Security Team.
Vulnerable: Oracle Secure Global Desktop 5.3
Oracle Secure Global Desktop 5.2
Oracle Secure Global Desktop 4.71
F5 ARX 6.4
F5 ARX 6.3
F5 ARX 6.2
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apache Tomcat 8.5.4
Apache Tomcat 8.0.36
Apache Tomcat 8.0.35
Apache Tomcat 8.0.34
Apache Tomcat 8.0.33
Apache Tomcat 8.0.30
Apache Tomcat 8.0.27
Apache Tomcat 8.0.17
Apache Tomcat 8.0.15
Apache Tomcat 8.0.8
Apache Tomcat 8.0.5
Apache Tomcat 8.0.3
Apache Tomcat 8.0.1
Apache Tomcat 7.0.70
Apache Tomcat 7.0.69
Apache Tomcat 7.0.67
Apache Tomcat 7.0.65
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.54
Apache Tomcat 7.0.53
Apache Tomcat 7.0.50
Apache Tomcat 7.0.33
Apache Tomcat 7.0.32
Apache Tomcat 7.0.31
Apache Tomcat 7.0.30
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.24
Apache Tomcat 7.0.23
Apache Tomcat 7.0.16
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.9
Apache Tomcat 7.0.8
Apache Tomcat 7.0.7
Apache Tomcat 7.0.6
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0
Apache Tomcat 6.0.44
Apache Tomcat 6.0.43
Apache Tomcat 6.0.41
Apache Tomcat 6.0.37
Apache Tomcat 6.0.36
Apache Tomcat 6.0.35
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.9
Apache Tomcat 6.0.8
Apache Tomcat 6.0.7
Apache Tomcat 6.0.6
Apache Tomcat 6.0.5
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0
Apache Tomcat 9.0.0M8
Apache Tomcat 9.0.0M6
Apache Tomcat 9.0.0.M9
Apache Tomcat 9.0.0.M5
Apache Tomcat 9.0.0.M4
Apache Tomcat 9.0.0.M3
Apache Tomcat 9.0.0.M2
Apache Tomcat 9.0.0.M1
Apache Tomcat 8.5.3
Apache Tomcat 8.5.2
Apache Tomcat 8.5.0
Apache Tomcat 8.0.9
Apache Tomcat 8.0.32
Apache Tomcat 8.0.0-RC6
Apache Tomcat 8.0.0-RC5
Apache Tomcat 8.0.0-RC3
Apache Tomcat 8.0.0-RC10
Apache Tomcat 8.0.0-RC1
Apache Tomcat 8.0.0 Rc5
Apache Tomcat 8.0.0 Rc2
Apache Tomcat 8.0.0 Rc1
Apache Tomcat 7.0.68
Apache Tomcat 7.0.55
Apache Tomcat 7.0.5
Apache Tomcat 7.0.49
Apache Tomcat 7.0.48
Apache Tomcat 7.0.47
Apache Tomcat 7.0.46
Apache Tomcat 7.0.45
Apache Tomcat 7.0.44
Apache Tomcat 7.0.43
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.39
Apache Tomcat 7.0.38
Apache Tomcat 7.0.37
Apache Tomcat 7.0.36
Apache Tomcat 7.0.35
Apache Tomcat 7.0.34
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 6.0.45
Apache Tomcat 6.0.42
Apache Tomcat 6.0.39
Apache Tomcat 6.0.33
Apache Tomcat 6.0.32
Apache Tomcat 6.0.31
Apache Tomcat 6.0.30
Apache Tomcat 6.0.29
Apache Tomcat 6.0.19


Not Vulnerable: Apache Tomcat 8.5.5
Apache Tomcat 8.0.37
Apache Tomcat 7.0.72
Apache Tomcat 6.0.47
Apache Tomcat 9.0.0.M10



Related Posts

Comments