CVE-2016-5018

Published Aug 10, 2017

Last updated a year ago

CVSS critical 9.1

Overview

Description: In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0956A16-7E61-40E4-B107-2A0EEA1208C5",
            "versionEndIncluding": "6.0.45",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DCDF5FD-A879-4E78-A572-78C325F13C85",
            "versionEndIncluding": "7.0.70",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D30B2FCD-09F0-4647-84AE-343ECD724D45",
            "versionEndIncluding": "8.0.36",
            "versionStartIncluding": "8.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E7CA297-C102-4AF2-82D1-EF565ACCD1F5",
            "versionEndIncluding": "8.5.4",
            "versionStartIncluding": "8.5.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2E0AFF9-F664-4D46-AEF4-07C725CC5448"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
            "versionEndIncluding": "7.7.1",
            "versionStartIncluding": "7.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References