csaf_redhat - rhsa-2017:2247

rhsa-2017:2247

Vulnerability from csaf_redhat

Published

2017-08-01 15:43

Modified

2024-12-15 18:45

Summary

Red Hat Security Advisory: tomcat security, bug fix, and enhancement update

Notes

Topic

An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The following packages have been upgraded to a later upstream version: tomcat (7.0.76). (BZ#1414895) Security Fix(es): * The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762) * It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018) * It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794) * It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796) * It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797) Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://access.redhat.com/security/updates/classification/",
         text: "Low",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright © Red Hat, Inc. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "An update for tomcat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
            title: "Topic",
         },
         {
            category: "general",
            text: "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nThe following packages have been upgraded to a later upstream version: tomcat (7.0.76). (BZ#1414895)\n\nSecurity Fix(es):\n\n* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.",
            title: "Details",
         },
         {
            category: "legal_disclaimer",
            text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
            title: "Terms of Use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://access.redhat.com/security/team/contact/",
         issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
         name: "Red Hat Product Security",
         namespace: "https://www.redhat.com",
      },
      references: [
         {
            category: "self",
            summary: "https://access.redhat.com/errata/RHSA-2017:2247",
            url: "https://access.redhat.com/errata/RHSA-2017:2247",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/security/updates/classification/#low",
            url: "https://access.redhat.com/security/updates/classification/#low",
         },
         {
            category: "external",
            summary: "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html",
            url: "https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html",
         },
         {
            category: "external",
            summary: "1390493",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390493",
         },
         {
            category: "external",
            summary: "1390515",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390515",
         },
         {
            category: "external",
            summary: "1390520",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390520",
         },
         {
            category: "external",
            summary: "1390525",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390525",
         },
         {
            category: "external",
            summary: "1390526",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390526",
         },
         {
            category: "external",
            summary: "1411738",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1411738",
         },
         {
            category: "external",
            summary: "1414895",
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1414895",
         },
         {
            category: "self",
            summary: "Canonical URL",
            url: "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2247.json",
         },
      ],
      title: "Red Hat Security Advisory: tomcat security, bug fix, and enhancement update",
      tracking: {
         current_release_date: "2024-12-15T18:45:12+00:00",
         generator: {
            date: "2024-12-15T18:45:12+00:00",
            engine: {
               name: "Red Hat SDEngine",
               version: "4.2.3",
            },
         },
         id: "RHSA-2017:2247",
         initial_release_date: "2017-08-01T15:43:19+00:00",
         revision_history: [
            {
               date: "2017-08-01T15:43:19+00:00",
               number: "1",
               summary: "Initial version",
            },
            {
               date: "2017-08-01T15:43:19+00:00",
               number: "2",
               summary: "Last updated version",
            },
            {
               date: "2024-12-15T18:45:12+00:00",
               number: "3",
               summary: "Last generated version",
            },
         ],
         status: "final",
         version: "3",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Client (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Client (v. 7)",
                           product_id: "7Client",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::client",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Client Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Client Optional (v. 7)",
                           product_id: "7Client-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::client",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux ComputeNode (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux ComputeNode (v. 7)",
                           product_id: "7ComputeNode",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::computenode",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
                           product_id: "7ComputeNode-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::computenode",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Server (v. 7)",
                           product_id: "7Server",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Server Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Server Optional (v. 7)",
                           product_id: "7Server-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::server",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation (v. 7)",
                           product_id: "7Workstation",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::workstation",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                        product: {
                           name: "Red Hat Enterprise Linux Workstation Optional (v. 7)",
                           product_id: "7Workstation-optional",
                           product_identification_helper: {
                              cpe: "cpe:/o:redhat:enterprise_linux:7::workstation",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "Red Hat Enterprise Linux",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-admin-webapps@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-servlet-3.0-api@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-webapps-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-webapps-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-webapps-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-webapps@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-lib-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-lib-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-lib-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-lib@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-jsp-2.2-api@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-el-2.2-api@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-jsvc@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-docs-webapp@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                     {
                        category: "product_version",
                        name: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
                        product: {
                           name: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
                           product_id: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat-javadoc@7.0.76-2.el7?arch=noarch",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "noarch",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "tomcat-0:7.0.76-2.el7.src",
                        product: {
                           name: "tomcat-0:7.0.76-2.el7.src",
                           product_id: "tomcat-0:7.0.76-2.el7.src",
                           product_identification_helper: {
                              purl: "pkg:rpm/redhat/tomcat@7.0.76-2.el7?arch=src",
                           },
                        },
                     },
                  ],
                  category: "architecture",
                  name: "src",
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
               product_id: "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Client (v. 7)",
               product_id: "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Client",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
               product_id: "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux ComputeNode (v. 7)",
               product_id: "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7ComputeNode",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
               product_id: "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Server (v. 7)",
               product_id: "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Server",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
               product_id: "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation-optional",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-0:7.0.76-2.el7.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-0:7.0.76-2.el7.src",
            },
            product_reference: "tomcat-0:7.0.76-2.el7.src",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-javadoc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-javadoc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-jsvc-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-jsvc-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-lib-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-lib-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "tomcat-webapps-0:7.0.76-2.el7.noarch as a component of Red Hat Enterprise Linux Workstation (v. 7)",
               product_id: "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
            },
            product_reference: "tomcat-webapps-0:7.0.76-2.el7.noarch",
            relates_to_product_reference: "7Workstation",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2016-0762",
         discovery_date: "2016-10-27T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1390526",
            },
         ],
         notes: [
            {
               category: "description",
               text: "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: timing attack in Realm implementation",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-0:7.0.76-2.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-0762",
            },
            {
               category: "external",
               summary: "RHBZ#1390526",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390526",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-0762",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-0762",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-0762",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
               url: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
               url: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
            },
         ],
         release_date: "2016-10-27T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2017-08-01T15:43:19+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 2.6,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: timing attack in Realm implementation",
      },
      {
         cve: "CVE-2016-5018",
         discovery_date: "2016-10-27T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1390525",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: security manager bypass via IntrospectHelper utility function",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-0:7.0.76-2.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-5018",
            },
            {
               category: "external",
               summary: "RHBZ#1390525",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390525",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-5018",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-5018",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-5018",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
               url: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
               url: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
            },
         ],
         release_date: "2016-10-27T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2017-08-01T15:43:19+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: security manager bypass via IntrospectHelper utility function",
      },
      {
         cve: "CVE-2016-6794",
         discovery_date: "2016-10-27T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1390520",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: system property disclosure",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-0:7.0.76-2.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-6794",
            },
            {
               category: "external",
               summary: "RHBZ#1390520",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390520",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-6794",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-6794",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6794",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
               url: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
               url: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
            },
         ],
         release_date: "2016-10-27T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2017-08-01T15:43:19+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 2.6,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: system property disclosure",
      },
      {
         cve: "CVE-2016-6796",
         discovery_date: "2016-10-27T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1390515",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: security manager bypass via JSP Servlet config parameters",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-0:7.0.76-2.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-6796",
            },
            {
               category: "external",
               summary: "RHBZ#1390515",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390515",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-6796",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-6796",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6796",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
               url: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
               url: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
            },
         ],
         release_date: "2016-10-27T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2017-08-01T15:43:19+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "PARTIAL",
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.2,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: security manager bypass via JSP Servlet config parameters",
      },
      {
         cve: "CVE-2016-6797",
         discovery_date: "2016-10-27T00:00:00+00:00",
         ids: [
            {
               system_name: "Red Hat Bugzilla ID",
               text: "1390493",
            },
         ],
         notes: [
            {
               category: "description",
               text: "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
               title: "Vulnerability description",
            },
            {
               category: "summary",
               text: "tomcat: unrestricted access to global resources",
               title: "Vulnerability summary",
            },
            {
               category: "general",
               text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
               title: "CVSS score applicability",
            },
         ],
         product_status: {
            fixed: [
               "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-0:7.0.76-2.el7.src",
               "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-0:7.0.76-2.el7.src",
               "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
               "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-0:7.0.76-2.el7.src",
               "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-0:7.0.76-2.el7.src",
               "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
               "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-0:7.0.76-2.el7.src",
               "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
               "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
            ],
         },
         references: [
            {
               category: "self",
               summary: "Canonical URL",
               url: "https://access.redhat.com/security/cve/CVE-2016-6797",
            },
            {
               category: "external",
               summary: "RHBZ#1390493",
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1390493",
            },
            {
               category: "external",
               summary: "https://www.cve.org/CVERecord?id=CVE-2016-6797",
               url: "https://www.cve.org/CVERecord?id=CVE-2016-6797",
            },
            {
               category: "external",
               summary: "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
               url: "https://nvd.nist.gov/vuln/detail/CVE-2016-6797",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
               url: "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
               url: "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72",
            },
            {
               category: "external",
               summary: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
               url: "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37",
            },
         ],
         release_date: "2016-10-27T00:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               date: "2017-08-01T15:43:19+00:00",
               details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
               product_ids: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
               restart_required: {
                  category: "none",
               },
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
         ],
         scores: [
            {
               cvss_v2: {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 2.6,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               cvss_v3: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 3.7,
                  baseSeverity: "LOW",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
               products: [
                  "7Client-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Client-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-0:7.0.76-2.el7.src",
                  "7Client:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Client:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-0:7.0.76-2.el7.src",
                  "7ComputeNode:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7ComputeNode:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Server-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-0:7.0.76-2.el7.src",
                  "7Server:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Server:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation-optional:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation-optional:tomcat-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-0:7.0.76-2.el7.src",
                  "7Workstation:tomcat-admin-webapps-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-docs-webapp-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-el-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-javadoc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsp-2.2-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-jsvc-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-lib-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-servlet-3.0-api-0:7.0.76-2.el7.noarch",
                  "7Workstation:tomcat-webapps-0:7.0.76-2.el7.noarch",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               details: "Low",
            },
         ],
         title: "tomcat: unrestricted access to global resources",
      },
   ],
}

cve-2016-0762

Vulnerability from cvelistv5

Published

2017-08-10 16:00

Modified

2024-09-17 01:36

Severity ?

Summary

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1037144	vdb-entry, x_refsource_SECTRACK
	https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2017:2247	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/93939	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2016/dsa-3720	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4557-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180605-0001/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.0.M9 Version: 8.5.0 to 8.5.4 Version: 8.0.0.RC1 to 8.0.36 Version: 7.0.0 to 7.0.70 Version: 6.0.0 to 6.0.45

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:04.029Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1037144",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037144",
               },
               {
                  name: "[announce] 20161027 [SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "RHSA-2017:2247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2247",
               },
               {
                  name: "RHSA-2017:0457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
               },
               {
                  name: "RHSA-2017:0455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0455",
               },
               {
                  name: "93939",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93939",
               },
               {
                  name: "DSA-3720",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3720",
               },
               {
                  name: "RHSA-2017:0456",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0456",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "USN-4557-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4557-1/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com//security-alerts/cpujul2021.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.0.M1 to 9.0.0.M9",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.4",
                  },
                  {
                     status: "affected",
                     version: "8.0.0.RC1 to 8.0.36",
                  },
                  {
                     status: "affected",
                     version: "7.0.0 to 7.0.70",
                  },
                  {
                     status: "affected",
                     version: "6.0.0 to 6.0.45",
                  },
               ],
            },
         ],
         datePublic: "2016-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Timing Attack",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:37:46",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "1037144",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037144",
            },
            {
               name: "[announce] 20161027 [SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "RHSA-2017:2247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
            {
               name: "RHSA-2017:0457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
            },
            {
               name: "RHSA-2017:0455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0455",
            },
            {
               name: "93939",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93939",
            },
            {
               name: "DSA-3720",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3720",
            },
            {
               name: "RHSA-2017:0456",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0456",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "USN-4557-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4557-1/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com//security-alerts/cpujul2021.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2016-10-27T00:00:00",
               ID: "CVE-2016-0762",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.0.M1 to 9.0.0.M9",
                                       },
                                       {
                                          version_value: "8.5.0 to 8.5.4",
                                       },
                                       {
                                          version_value: "8.0.0.RC1 to 8.0.36",
                                       },
                                       {
                                          version_value: "7.0.0 to 7.0.70",
                                       },
                                       {
                                          version_value: "6.0.0 to 6.0.45",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Timing Attack",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1037144",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037144",
                  },
                  {
                     name: "[announce] 20161027 [SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "RHSA-2017:2247",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2247",
                  },
                  {
                     name: "RHSA-2017:0457",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
                  },
                  {
                     name: "RHSA-2017:0455",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0455",
                  },
                  {
                     name: "93939",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93939",
                  },
                  {
                     name: "DSA-3720",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3720",
                  },
                  {
                     name: "RHSA-2017:0456",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0456",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "USN-4557-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4557-1/",
                  },
                  {
                     name: "https://www.oracle.com//security-alerts/cpujul2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com//security-alerts/cpujul2021.html",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2016-0762",
      datePublished: "2017-08-10T16:00:00Z",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-09-17T01:36:51.388Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6796

Vulnerability from cvelistv5

Published

2017-08-11 02:00

Modified

2024-09-17 03:32

Severity ?

Summary

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2017:1548	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2017:1549	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/93944	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:1552	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1038757	vdb-entry, x_refsource_SECTRACK
	http://www.securitytracker.com/id/1037141	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:2247	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-1551.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1550	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3720	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4557-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-20180605-0001/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.0.M9 Version: 8.5.0 to 8.5.4 Version: 8.0.0.RC1 to 8.0.36 Version: 7.0.0 to 7.0.70 Version: 6.0.0 to 6.0.45

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:37.869Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2017:1548",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1548",
               },
               {
                  name: "[announce] 20161027 [SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "RHSA-2017:1549",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1549",
               },
               {
                  name: "93944",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93944",
               },
               {
                  name: "RHSA-2017:1552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1552",
               },
               {
                  name: "1038757",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038757",
               },
               {
                  name: "1037141",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037141",
               },
               {
                  name: "RHSA-2017:2247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2247",
               },
               {
                  name: "RHSA-2017:1551",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
               },
               {
                  name: "RHSA-2017:0457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
               },
               {
                  name: "RHSA-2017:0455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0455",
               },
               {
                  name: "RHSA-2017:1550",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1550",
               },
               {
                  name: "DSA-3720",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3720",
               },
               {
                  name: "RHSA-2017:0456",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0456",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "USN-4557-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4557-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.0.M1 to 9.0.0.M9",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.4",
                  },
                  {
                     status: "affected",
                     version: "8.0.0.RC1 to 8.0.36",
                  },
                  {
                     status: "affected",
                     version: "7.0.0 to 7.0.70",
                  },
                  {
                     status: "affected",
                     version: "6.0.0 to 6.0.45",
                  },
               ],
            },
         ],
         datePublic: "2016-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Sandbox escape",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:37:51",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "RHSA-2017:1548",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1548",
            },
            {
               name: "[announce] 20161027 [SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "RHSA-2017:1549",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1549",
            },
            {
               name: "93944",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93944",
            },
            {
               name: "RHSA-2017:1552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1552",
            },
            {
               name: "1038757",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038757",
            },
            {
               name: "1037141",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037141",
            },
            {
               name: "RHSA-2017:2247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
            {
               name: "RHSA-2017:1551",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
            },
            {
               name: "RHSA-2017:0457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
            },
            {
               name: "RHSA-2017:0455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0455",
            },
            {
               name: "RHSA-2017:1550",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1550",
            },
            {
               name: "DSA-3720",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3720",
            },
            {
               name: "RHSA-2017:0456",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0456",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "USN-4557-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4557-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2016-10-27T00:00:00",
               ID: "CVE-2016-6796",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.0.M1 to 9.0.0.M9",
                                       },
                                       {
                                          version_value: "8.5.0 to 8.5.4",
                                       },
                                       {
                                          version_value: "8.0.0.RC1 to 8.0.36",
                                       },
                                       {
                                          version_value: "7.0.0 to 7.0.70",
                                       },
                                       {
                                          version_value: "6.0.0 to 6.0.45",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Sandbox escape",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2017:1548",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1548",
                  },
                  {
                     name: "[announce] 20161027 [SECURITY] CVE-2016-6796 Apache Tomcat Security Manager Bypass",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/5a2105a56b2495ab70fa568f06925bd861f0d71ffab4fb38bb4fdc45@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "RHSA-2017:1549",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1549",
                  },
                  {
                     name: "93944",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93944",
                  },
                  {
                     name: "RHSA-2017:1552",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1552",
                  },
                  {
                     name: "1038757",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038757",
                  },
                  {
                     name: "1037141",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037141",
                  },
                  {
                     name: "RHSA-2017:2247",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2247",
                  },
                  {
                     name: "RHSA-2017:1551",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
                  },
                  {
                     name: "RHSA-2017:0457",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
                  },
                  {
                     name: "RHSA-2017:0455",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0455",
                  },
                  {
                     name: "RHSA-2017:1550",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1550",
                  },
                  {
                     name: "DSA-3720",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3720",
                  },
                  {
                     name: "RHSA-2017:0456",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0456",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "USN-4557-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4557-1/",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2016-6796",
      datePublished: "2017-08-11T02:00:00Z",
      dateReserved: "2016-08-12T00:00:00",
      dateUpdated: "2024-09-17T03:32:53.822Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6797

Vulnerability from cvelistv5

Published

2017-08-10 22:00

Modified

2024-09-17 04:24

Severity ?

Summary

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

References

▼	URL	Tags
	http://www.securityfocus.com/bid/93940	vdb-entry, x_refsource_BID
	https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352%40%3Cannounce.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1037145	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:2247	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3720	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4557-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-20180605-0001/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.0.M9 Version: 8.5.0 to 8.5.4 Version: 8.0.0.RC1 to 8.0.36 Version: 7.0.0 to 7.0.70 Version: 6.0.0 to 6.0.45

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:37.903Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "93940",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93940",
               },
               {
                  name: "[announce] 20161027 [SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "1037145",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037145",
               },
               {
                  name: "RHSA-2017:2247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2247",
               },
               {
                  name: "RHSA-2017:0457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
               },
               {
                  name: "RHSA-2017:0455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0455",
               },
               {
                  name: "DSA-3720",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3720",
               },
               {
                  name: "RHSA-2017:0456",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0456",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "USN-4557-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4557-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.0.M1 to 9.0.0.M9",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.4",
                  },
                  {
                     status: "affected",
                     version: "8.0.0.RC1 to 8.0.36",
                  },
                  {
                     status: "affected",
                     version: "7.0.0 to 7.0.70",
                  },
                  {
                     status: "affected",
                     version: "6.0.0 to 6.0.45",
                  },
               ],
            },
         ],
         datePublic: "2016-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:37:52",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "93940",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93940",
            },
            {
               name: "[announce] 20161027 [SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "1037145",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037145",
            },
            {
               name: "RHSA-2017:2247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
            {
               name: "RHSA-2017:0457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
            },
            {
               name: "RHSA-2017:0455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0455",
            },
            {
               name: "DSA-3720",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3720",
            },
            {
               name: "RHSA-2017:0456",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0456",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "USN-4557-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4557-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2016-10-27T00:00:00",
               ID: "CVE-2016-6797",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.0.M1 to 9.0.0.M9",
                                       },
                                       {
                                          version_value: "8.5.0 to 8.5.4",
                                       },
                                       {
                                          version_value: "8.0.0.RC1 to 8.0.36",
                                       },
                                       {
                                          version_value: "7.0.0 to 7.0.70",
                                       },
                                       {
                                          version_value: "6.0.0 to 6.0.45",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "93940",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93940",
                  },
                  {
                     name: "[announce] 20161027 [SECURITY] CVE-2016-6797 Apache Tomcat Unrestricted Access to Global Resources",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "1037145",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037145",
                  },
                  {
                     name: "RHSA-2017:2247",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2247",
                  },
                  {
                     name: "RHSA-2017:0457",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
                  },
                  {
                     name: "RHSA-2017:0455",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0455",
                  },
                  {
                     name: "DSA-3720",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3720",
                  },
                  {
                     name: "RHSA-2017:0456",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0456",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "USN-4557-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4557-1/",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2016-6797",
      datePublished: "2017-08-10T22:00:00Z",
      dateReserved: "2016-08-12T00:00:00",
      dateUpdated: "2024-09-17T04:24:37.373Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-6794

Vulnerability from cvelistv5

Published

2017-08-10 16:00

Modified

2024-09-17 04:24

Severity ?

Summary

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

References

▼	URL	Tags
	https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2017:2247	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1037143	vdb-entry, x_refsource_SECTRACK
	http://www.debian.org/security/2016/dsa-3720	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/93943	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4557-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-20180605-0001/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.0.M9 Version: 8.5.0 to 8.5.4 Version: 8.0.0.RC1 to 8.0.36 Version: 7.0.0 to 7.0.70 Version: 6.0.0 to 6.0.45

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T01:43:37.900Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[announce] 20161027 [SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "RHSA-2017:2247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2247",
               },
               {
                  name: "RHSA-2017:0457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
               },
               {
                  name: "RHSA-2017:0455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0455",
               },
               {
                  name: "1037143",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037143",
               },
               {
                  name: "DSA-3720",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3720",
               },
               {
                  name: "93943",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93943",
               },
               {
                  name: "RHSA-2017:0456",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0456",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "USN-4557-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4557-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.0.M1 to 9.0.0.M9",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.4",
                  },
                  {
                     status: "affected",
                     version: "8.0.0.RC1 to 8.0.36",
                  },
                  {
                     status: "affected",
                     version: "7.0.0 to 7.0.70",
                  },
                  {
                     status: "affected",
                     version: "6.0.0 to 6.0.45",
                  },
               ],
            },
         ],
         datePublic: "2016-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:37:50",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[announce] 20161027 [SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "RHSA-2017:2247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
            {
               name: "RHSA-2017:0457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
            },
            {
               name: "RHSA-2017:0455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0455",
            },
            {
               name: "1037143",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037143",
            },
            {
               name: "DSA-3720",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3720",
            },
            {
               name: "93943",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93943",
            },
            {
               name: "RHSA-2017:0456",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0456",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "USN-4557-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4557-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2016-10-27T00:00:00",
               ID: "CVE-2016-6794",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.0.M1 to 9.0.0.M9",
                                       },
                                       {
                                          version_value: "8.5.0 to 8.5.4",
                                       },
                                       {
                                          version_value: "8.0.0.RC1 to 8.0.36",
                                       },
                                       {
                                          version_value: "7.0.0 to 7.0.70",
                                       },
                                       {
                                          version_value: "6.0.0 to 6.0.45",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[announce] 20161027 [SECURITY] CVE-2016-6794 Apache Tomcat Security System Property Disclosure",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "RHSA-2017:2247",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2247",
                  },
                  {
                     name: "RHSA-2017:0457",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
                  },
                  {
                     name: "RHSA-2017:0455",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0455",
                  },
                  {
                     name: "1037143",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037143",
                  },
                  {
                     name: "DSA-3720",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3720",
                  },
                  {
                     name: "93943",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93943",
                  },
                  {
                     name: "RHSA-2017:0456",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0456",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "USN-4557-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4557-1/",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2016-6794",
      datePublished: "2017-08-10T16:00:00Z",
      dateReserved: "2016-08-12T00:00:00",
      dateUpdated: "2024-09-17T04:24:06.893Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-5018

Vulnerability from cvelistv5

Published

2017-08-10 16:00

Modified

2024-09-16 18:38

Severity ?

Summary

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2017:1548	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1549	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/93942	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:1552	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1038757	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:2247	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-1551.html	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1037142	vdb-entry, x_refsource_SECTRACK
	http://rhn.redhat.com/errata/RHSA-2017-0457.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0455	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1550	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2016/dsa-3720	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2017:0456	vendor-advisory, x_refsource_REDHAT
	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4557-1/	vendor-advisory, x_refsource_UBUNTU
	https://security.netapp.com/advisory/ntap-20180605-0001/	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
	http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Tomcat	Version: 9.0.0.M1 to 9.0.0.M9 Version: 8.5.0 to 8.5.4 Version: 8.0.0.RC1 to 8.0.36 Version: 7.0.0 to 7.0.70 Version: 6.0.0 to 6.0.45

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:46:40.222Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2017:1548",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1548",
               },
               {
                  name: "RHSA-2017:1549",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1549",
               },
               {
                  name: "93942",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/93942",
               },
               {
                  name: "RHSA-2017:1552",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1552",
               },
               {
                  name: "1038757",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1038757",
               },
               {
                  name: "RHSA-2017:2247",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2247",
               },
               {
                  name: "RHSA-2017:1551",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
               },
               {
                  name: "[announce] 20161027 [SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E",
               },
               {
                  name: "1037142",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1037142",
               },
               {
                  name: "RHSA-2017:0457",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
               },
               {
                  name: "RHSA-2017:0455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0455",
               },
               {
                  name: "RHSA-2017:1550",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:1550",
               },
               {
                  name: "DSA-3720",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3720",
               },
               {
                  name: "RHSA-2017:0456",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:0456",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "USN-4557-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4557-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache Tomcat",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "9.0.0.M1 to 9.0.0.M9",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.4",
                  },
                  {
                     status: "affected",
                     version: "8.0.0.RC1 to 8.0.36",
                  },
                  {
                     status: "affected",
                     version: "7.0.0 to 7.0.70",
                  },
                  {
                     status: "affected",
                     version: "6.0.0 to 6.0.45",
                  },
               ],
            },
         ],
         datePublic: "2016-10-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Sandbox Escape",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:37:49",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "RHSA-2017:1548",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1548",
            },
            {
               name: "RHSA-2017:1549",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1549",
            },
            {
               name: "93942",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/93942",
            },
            {
               name: "RHSA-2017:1552",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1552",
            },
            {
               name: "1038757",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1038757",
            },
            {
               name: "RHSA-2017:2247",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2247",
            },
            {
               name: "RHSA-2017:1551",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
            },
            {
               name: "[announce] 20161027 [SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E",
            },
            {
               name: "1037142",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1037142",
            },
            {
               name: "RHSA-2017:0457",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
            },
            {
               name: "RHSA-2017:0455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0455",
            },
            {
               name: "RHSA-2017:1550",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:1550",
            },
            {
               name: "DSA-3720",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3720",
            },
            {
               name: "RHSA-2017:0456",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:0456",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "USN-4557-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4557-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2016-10-27T00:00:00",
               ID: "CVE-2016-5018",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache Tomcat",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "9.0.0.M1 to 9.0.0.M9",
                                       },
                                       {
                                          version_value: "8.5.0 to 8.5.4",
                                       },
                                       {
                                          version_value: "8.0.0.RC1 to 8.0.36",
                                       },
                                       {
                                          version_value: "7.0.0 to 7.0.70",
                                       },
                                       {
                                          version_value: "6.0.0 to 6.0.45",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Sandbox Escape",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "RHSA-2017:1548",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1548",
                  },
                  {
                     name: "RHSA-2017:1549",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1549",
                  },
                  {
                     name: "93942",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/93942",
                  },
                  {
                     name: "RHSA-2017:1552",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1552",
                  },
                  {
                     name: "1038757",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1038757",
                  },
                  {
                     name: "RHSA-2017:2247",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2247",
                  },
                  {
                     name: "RHSA-2017:1551",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-1551.html",
                  },
                  {
                     name: "[announce] 20161027 [SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e@%3Cannounce.tomcat.apache.org%3E",
                  },
                  {
                     name: "1037142",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1037142",
                  },
                  {
                     name: "RHSA-2017:0457",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2017-0457.html",
                  },
                  {
                     name: "RHSA-2017:0455",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0455",
                  },
                  {
                     name: "RHSA-2017:1550",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:1550",
                  },
                  {
                     name: "DSA-3720",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3720",
                  },
                  {
                     name: "RHSA-2017:0456",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:0456",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "USN-4557-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4557-1/",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20180605-0001/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2016-5018",
      datePublished: "2017-08-10T16:00:00Z",
      dateReserved: "2016-05-24T00:00:00",
      dateUpdated: "2024-09-16T18:38:35.797Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2017:2247

Vulnerability from csaf_redhat

cve-2016-0762

Vulnerability from cvelistv5

cve-2016-6796

Vulnerability from cvelistv5

cve-2016-6797

Vulnerability from cvelistv5

cve-2016-6794

Vulnerability from cvelistv5

cve-2016-5018

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature