Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability

Apache Tomcat Security Manager is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Information

Bugtraq ID: 83327
Class: Unknown
CVE: CVE-2016-0714

Remote: Yes
Local: No
Published: Feb 22 2016 12:00AM
Updated: May 26 2017 08:00AM
Credit: The vendor reported the issue.
Vulnerable: SuSE Linux Enterprise Server 12
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop 6
Oracle WebCenter Sites 11.1.1 8.0
Oracle Virtual Desktop Infrastructure 3.3
Oracle Virtual Desktop Infrastructure 3.2
Oracle Transportation Management 6.3.5
Oracle Transportation Management 6.3.4
Oracle Transportation Management 6.3.3
Oracle Transportation Management 6.3.2
Oracle Transportation Management 6.3.1
Oracle Transportation Management 6.3.7
Oracle Transportation Management 6.3.6
Oracle Transportation Management 6.3
Oracle Transportation Management 6.2
Oracle Transportation Management 6.1
Oracle MySQL Enterprise Monitor 3.2.1.1049
Oracle MySQL Enterprise Monitor 3.1.4.7895
IBM WebSphere Portlet Factory 7.0
IBM WebSphere Dashboard Framework 7.0.1
IBM WebSphere Cast Iron 7.0
IBM WebSphere Cast Iron 6.1
IBM WebSphere Cast Iron 7.5.0.1
IBM WebSphere Cast Iron 7.5.0.0
IBM WebSphere Cast Iron 7.0.0.3
IBM WebSphere Cast Iron 7.0.0.2
IBM WebSphere Cast Iron 7.0.0.1
IBM WebSphere Cast Iron 6.4.0.1
IBM WebSphere Cast Iron 6.4.0.0
IBM WebSphere Cast Iron 6.3.0.2
IBM WebSphere Cast Iron 6.3.0.1
IBM WebSphere Cast Iron 6.1.0.9
IBM WebSphere Cast Iron 6.1.0.8
IBM WebSphere Cast Iron 6.1.0.7
IBM WebSphere Cast Iron 6.1.0.6
IBM WebSphere Cast Iron 6.1.0.15
IBM WebSphere Cast Iron 6.1.0.12
IBM WebSphere Application Server Community Edition 3.0.0.4
IBM Web Experience Factory 8.0
IBM Web Experience Factory 7.0.1
IBM Storwize V7000 0
IBM Storwize V5000 -
IBM Storwize V3700 -
IBM Storwize V3500 -
IBM Security SiteProtector System 3.1.1
IBM Security SiteProtector System 3.0
IBM Rational Test Workbench 8.5.1
IBM Rational Test Workbench 8.5 2
IBM Rational Test Workbench 8.5 1
IBM Rational Test Workbench 8.0.1 4
IBM Rational Test Workbench 8.0.1 3
IBM Rational Test Workbench 8.0.1 2
IBM Rational Test Workbench 8.0.1 1
IBM Rational Test Workbench 8.0.1
IBM Rational Test Workbench 8.0 3
IBM Rational Test Workbench 8.0 2
IBM Rational Test Workbench 8.0 1
IBM Rational Test Workbench 8.5.1.5
IBM Rational Test Workbench 8.5.1.4
IBM Rational Test Workbench 8.5.1.3
IBM Rational Test Workbench 8.5.1.2
IBM Rational Test Workbench 8.5.1.1
IBM Rational Test Workbench 8.5.0.4
IBM Rational Test Workbench 8.5.0.3
IBM Rational Test Workbench 8.5
IBM Rational Test Workbench 8.0.1.6
IBM Rational Test Workbench 8.0.1.5
IBM Rational Test Workbench 8.0.0.5
IBM Rational Test Workbench 8.0.0.4
IBM Rational Test Workbench 8.0
IBM Rational Test Virtualization Server 8.5.1
IBM Rational Test Virtualization Server 8.5 2
IBM Rational Test Virtualization Server 8.5 1
IBM Rational Test Virtualization Server 8.0.1 4
IBM Rational Test Virtualization Server 8.0.1 3
IBM Rational Test Virtualization Server 8.0.1 2
IBM Rational Test Virtualization Server 8.0.1 1
IBM Rational Test Virtualization Server 8.0.1
IBM Rational Test Virtualization Server 8.0 3
IBM Rational Test Virtualization Server 8.0 2
IBM Rational Test Virtualization Server 8.0 1
IBM Rational Test Virtualization Server 8.0
IBM Rational Test Virtualization Server 8.5.1.5
IBM Rational Test Virtualization Server 8.5.1.4
IBM Rational Test Virtualization Server 8.5.1.3
IBM Rational Test Virtualization Server 8.5.1.2
IBM Rational Test Virtualization Server 8.5.1.1
IBM Rational Test Virtualization Server 8.5.0.4
IBM Rational Test Virtualization Server 8.5.0.3
IBM Rational Test Virtualization Server 8.5.0.0
IBM Rational Test Virtualization Server 8.0.1.6
IBM Rational Test Virtualization Server 8.0.1.5
IBM Rational Test Virtualization Server 8.0.0.5
IBM Rational Test Virtualization Server 8.0.0.4
IBM Rational Directory Server 5.2.0.2
IBM QRadar Security Information and Event Manager 7.2.3
IBM QRadar Security Information and Event Manager 7.2.2
IBM QRadar Security Information and Event Manager 7.2.1
IBM QRadar Security Information and Event Manager 7.2.0
IBM QRadar Security Information and Event Manager 7.2
IBM QRadar Security Information and Event Manager 7.1
IBM Power HMC 8.4.0.0
IBM Power HMC 8.3.0.0
IBM Power HMC 8.2.0.0
IBM Power HMC 8.1.0.0
IBM Power HMC 7.9.0.0
IBM Power HMC 7.3.0.0
IBM FlashSystem V9000 9848-AE2 0
IBM FlashSystem V9000 9848-AC2 0
IBM FlashSystem V9000 9846-AE2 0
IBM FlashSystem V9000 9846-AC2 0
IBM Cognos TM1 10.2.2
IBM Cognos TM1 10.2
IBM Cognos TM1 10.1.0
IBM Cognos Business Viewpoint 10.1.1 FP2
IBM Cognos Business Viewpoint 10.1 FP1
HP Tomcat 7.0 for HP-UX B.11.31 0
HP Tomcat 6.0.33.01 for HP-UX B.11.31 0
HP OpenVMS CSWS_JAVA 7.0.29
HP HP-UX Tomcat Servlet Engine 7.0
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apache Tomcat 8.0.30
Apache Tomcat 8.0.27
Apache Tomcat 8.0.17
Apache Tomcat 8.0.15
Apache Tomcat 8.0.9
Apache Tomcat 8.0.8
Apache Tomcat 8.0.5
Apache Tomcat 8.0.3
Apache Tomcat 8.0.1
Apache Tomcat 7.0.67
Apache Tomcat 7.0.65
Apache Tomcat 7.0.59
Apache Tomcat 7.0.57
Apache Tomcat 7.0.54
Apache Tomcat 7.0.53
Apache Tomcat 7.0.50
Apache Tomcat 7.0.33
Apache Tomcat 7.0.32
Apache Tomcat 7.0.31
Apache Tomcat 7.0.30
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.24
Apache Tomcat 7.0.23
Apache Tomcat 7.0.16
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.6
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0
Apache Tomcat 6.0.44
Apache Tomcat 6.0.43
Apache Tomcat 6.0.41
Apache Tomcat 6.0.37
Apache Tomcat 6.0.36
Apache Tomcat 6.0.35
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.4
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0
Apache Tomcat 9.0.0.M1
Apache Tomcat 8.0.0.RC1
Apache Tomcat 8.0.0-RC6
Apache Tomcat 8.0.0-RC5
Apache Tomcat 8.0.0-RC3
Apache Tomcat 8.0.0-RC10
Apache Tomcat 8.0.0-RC1
Apache Tomcat 8.0.0 Rc5
Apache Tomcat 8.0.0 Rc2
Apache Tomcat 8.0.0 Rc10
Apache Tomcat 8.0.0 Rc1
Apache Tomcat 7.0.55
Apache Tomcat 7.0.5
Apache Tomcat 7.0.49
Apache Tomcat 7.0.48
Apache Tomcat 7.0.47
Apache Tomcat 7.0.46
Apache Tomcat 7.0.45
Apache Tomcat 7.0.44
Apache Tomcat 7.0.43
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.39
Apache Tomcat 7.0.38
Apache Tomcat 7.0.37
Apache Tomcat 7.0.36
Apache Tomcat 7.0.35
Apache Tomcat 7.0.34
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 6.0.42
Apache Tomcat 6.0.39
Apache Tomcat 6.0.33
Apache Tomcat 6.0.32
Apache Tomcat 6.0.31
Apache Tomcat 6.0.30
Apache Tomcat 6.0.29
Apache Tomcat 6.0.19

Not Vulnerable: Oracle Virtual Desktop Infrastructure 3.5.3
IBM QRadar Security Information and Event Manager 7.2.6 Patch 5
IBM QRadar Security Information and Event Manager 7.1 MR2 Patch 12 IF4
IBM Cognos TM1 10.2.2 Fix Pack 6
IBM Cognos TM1 10.2.0.2 Interim Fix
IBM Cognos TM1 10.1.1.2 Interim Fix
IBM Cognos Business Viewpoint 10.1.1 FP2 IF8
IBM Cognos Business Viewpoint 10.1 FP1 IF9
HP Tomcat 7.0.68.01 for HP-UX B.11.31 0
HP Tomcat 6.0.45.01 for HP-UX B.11.31 0
Apache Tomcat 9.0.0.M3
Apache Tomcat 8.0.32
Apache Tomcat 7.0.68
Apache Tomcat 6.0.45

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://

References:

Source: www.securityfocus.com

Exploit Collector

Search Exploit