CVE-2016-6794
Aliases:GHSA-2rvf-329f-p99g
Advisory lineage Upstream: 0 Downstream: 15
Modified
Published: 10 Aug 2017, 16:00
Last modified:17 Sept 2024, 04:24
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
v3.1 (nvd)
EPSS Score
0.26% LOW
0% probability -0.10%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
10 Aug 2017, 16:00
Published
Vulnerability first disclosed
17 Sept 2024, 04:24
Last Modified
Vulnerability information updated
Description
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.26%• Percentile: 50%
Affected Systems
- apache software foundation•apache tomcat
9.0.0.M1 to 9.0.0.M9 | 8.5.0 to 8.5.4 | 8.0.0.RC1 to 8.0.36 | 7.0.0 to 7.0.70 | 6.0.0 to 6.0.45
- Unknown•Tomcat
≥ 6.0.0, ≤ 6.0.45 | ≥ 7.0.0, ≤ 7.0.70 | ≥ 8.0, ≤ 8.0.36 | ≥ 8.5.0, ≤ 8.5.4 | 9.0.0:milestone1 | 9.0.0:milestone2 | 9.0.0:milestone3 | 9.0.0:milestone4 | 9.0.0:milestone5 | 9.0.0:milestone6 | 9.0.0:milestone7 | 9.0.0:milestone8 | 9.0.0:milestone9
- canonical•ubuntu_linux
16.04
- debian•debian_linux
8.0
- org.apache.tomcat•tomcat
≥ 6.0.0, < 6.0.47 | ≥ 7.0.0, < 7.0.72 | ≥ 8.0.0, < 8.0.37 | ≥ 8.1.0, < 8.5.5 | ≥ 9.0.0.M1, < 9.0.0.M10
- netapp•oncommand_insight
na
- netapp•oncommand_shift
na
- netapp•snap_creator_framework
na
- oracle•tekelec_platform_distribution
≥ 7.4.0, ≤ 7.7.1
- redhat•enterprise_linux_desktop
7.0
- redhat•enterprise_linux_eus
7.4 | 7.5 | 7.6 | 7.7
- redhat•enterprise_linux_server
7.0
- redhat•enterprise_linux_server_aus
7.6 | 7.7
- redhat•enterprise_linux_server_tus
7.6 | 7.7
- redhat•enterprise_linux_workstation
7.0
- redhat•jboss_enterprise_web_server
3.0.0
References (50)
- https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb%40%3Cannounce.tomcat.apache.org%3E
- https://access.redhat.com/errata/RHSA-2017:2247
- http://rhn.redhat.com/errata/RHSA-2017-0457.html
- https://access.redhat.com/errata/RHSA-2017:0455
- http://www.securitytracker.com/id/1037143
- http://www.debian.org/security/2016/dsa-3720
- http://www.securityfocus.com/bid/93943
- https://access.redhat.com/errata/RHSA-2017:0456
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
- https://usn.ubuntu.com/4557-1/
- https://security.netapp.com/advisory/ntap-20180605-0001/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-6794
- https://github.com/apache/tomcat/commit/0b41766456b1980e4f809e13ad6dc9fa912bae7e
- https://github.com/apache/tomcat/commit/c1660182010b4255c21c874d69c124370a67784a
- https://github.com/apache/tomcat/commit/f8db078f1e6e8b225f8344e63595113ca34cd408
- https://github.com/apache/tomcat80/commit/ae6163a4f230bc679abfc93e048ff92996badad6
- https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
- https://security.netapp.com/advisory/ntap-20180605-0001
- https://usn.ubuntu.com/4557-1
- https://web.archive.org/web/20170317100547/http://www.securitytracker.com/id/1037143
- https://web.archive.org/web/20170626130744/http://www.securityfocus.com/bid/93943
- https://github.com/apache/tomcat
- https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e8a9784134a9eb@%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E