4.3
CVSSv2

CVE-2016-0762

Published: 10/08/2017 Updated: 20/07/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.13

apache tomcat 6.0.14

apache tomcat 6.0.21

apache tomcat 6.0.22

apache tomcat 6.0.29

apache tomcat 6.0.30

apache tomcat 6.0.38

apache tomcat 6.0.39

apache tomcat 7.0.0

apache tomcat 6.0.11

apache tomcat 7.0.34

apache tomcat 7.0.8

apache tomcat 7.0.1

apache tomcat 7.0.26

apache tomcat 7.0.18

apache tomcat 6.0.20

apache tomcat 6.0.10

apache tomcat 6.0.3

apache tomcat 7.0.42

apache tomcat 6.0.28

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 7.0.25

apache tomcat 6.0.12

apache tomcat 7.0.17

apache tomcat 6.0.2

apache tomcat 7.0.9

apache tomcat 6.0.19

apache tomcat 6.0.27

apache tomcat 7.0.33

apache tomcat 6.0.8

apache tomcat 6.0.33

apache tomcat 8.0.30

apache tomcat 7.0.12

apache tomcat 6.0.34

apache tomcat 8.5.2

apache tomcat 7.0.55

apache tomcat 7.0.5

apache tomcat 6.0.25

apache tomcat 7.0.22

apache tomcat 8.0.31

apache tomcat 7.0.39

apache tomcat 7.0.46

apache tomcat 8.0.5

apache tomcat 8.0.0

apache tomcat 7.0.65

apache tomcat 6.0.42

apache tomcat 7.0.50

apache tomcat 7.0.14

apache tomcat 8.0.15

apache tomcat 6.0.9

apache tomcat 8.0.22

apache tomcat 6.0.17

apache tomcat 7.0.52

apache tomcat 7.0.29

apache tomcat 8.0.23

apache tomcat 8.5.3

apache tomcat 7.0.13

apache tomcat 7.0.47

apache tomcat 8.0.6

apache tomcat 7.0.30

apache tomcat 9.0.0

apache tomcat 6.0.18

apache tomcat 7.0.43

apache tomcat 8.0.14

apache tomcat 7.0.38

apache tomcat 6.0.43

apache tomcat 7.0.21

apache tomcat 7.0.4

apache tomcat 7.0.56

apache tomcat 6.0.26

apache tomcat 7.0.64

apache tomcat 6.0.35

apache tomcat 8.0.4

apache tomcat 8.0.10

apache tomcat 7.0.49

apache tomcat 7.0.62

apache tomcat 8.0.17

apache tomcat 6.0.6

apache tomcat 7.0.53

apache tomcat 7.0.20

apache tomcat 8.0.7

apache tomcat 8.0.26

apache tomcat 7.0.58

apache tomcat 8.5.4

apache tomcat 7.0.2

apache tomcat 8.0.2

apache tomcat 7.0.63

apache tomcat 6.0.7

apache tomcat 8.0.20

apache tomcat 6.0.15

apache tomcat 7.0.28

apache tomcat 8.0.1

apache tomcat 7.0.59

apache tomcat 8.0.19

apache tomcat 6.0.44

apache tomcat 7.0.6

apache tomcat 8.0

apache tomcat 8.0.12

apache tomcat 8.0.27

apache tomcat 6.0.31

apache tomcat 7.0.48

apache tomcat 7.0.11

apache tomcat 7.0.67

apache tomcat 7.0.23

apache tomcat 7.0.66

apache tomcat 6.0.24

apache tomcat 6.0.23

apache tomcat 7.0.44

apache tomcat 7.0.69

apache tomcat 6.0.37

apache tomcat 7.0.7

apache tomcat 7.0.60

apache tomcat 6.0.32

apache tomcat 7.0.37

apache tomcat 7.0.45

apache tomcat 8.0.11

apache tomcat 8.0.24

apache tomcat 8.0.36

apache tomcat 7.0.68

apache tomcat 8.0.33

apache tomcat 8.0.21

apache tomcat 8.0.32

apache tomcat 6.0.45

apache tomcat 7.0.41

apache tomcat 7.0.31

apache tomcat 7.0.15

apache tomcat 7.0.19

apache tomcat 7.0.16

apache tomcat 8.0.25

apache tomcat 6.0.41

apache tomcat 7.0.10

apache tomcat 7.0.36

apache tomcat 8.0.18

apache tomcat 7.0.54

apache tomcat 8.0.35

apache tomcat 7.0.35

apache tomcat 7.0.61

apache tomcat 8.0.3

apache tomcat 7.0.57

apache tomcat 8.0.13

apache tomcat 8.0.9

apache tomcat 7.0.32

apache tomcat 7.0.27

apache tomcat 7.0.24

apache tomcat 7.0.40

apache tomcat 8.0.16

apache tomcat 8.0.8

apache tomcat 7.0.3

apache tomcat 8.0.34

apache tomcat 6.0.40

apache tomcat 6.0.16

apache tomcat 7.0.70

apache tomcat 6.0.36

apache tomcat 8.5.0

apache tomcat 8.0.29

apache tomcat 8.0.28

apache tomcat 8.5.1

Vendor Advisories

Synopsis Important: Red Hat JBoss Web Server security and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web ServerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...
The Realm implementations did not process the supplied password if the supplied user name did not exist This made a timing attack possible to determine valid user names Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder ...
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges For the ...
Debian Bug report logs - #840685 TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Paul Szabo <paulszabo@sydneyeduau> Date: Thu, 13 Oct 2016 20:30:02 UT ...
Debian Bug report logs - #842663 CVE-2016-5018: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, 31 ...
Debian Bug report logs - #842664 CVE-2016-6794: Apache Tomcat System Property Disclosure Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, ...
Debian Bug report logs - #842666 CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> ...
Debian Bug report logs - #842665 CVE-2016-6796: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, 31 ...
Debian Bug report logs - #842662 CVE-2016-0762: Apache Tomcat Realm Timing Attack Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, 31 Oct ...
USN-3177-1 introduced a regression in Tomcat ...
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges (CVE-2016-6325 ) A malicious web application was able to bypass a config ...
Several security issues were fixed in Tomcat ...
Oracle Linux Bulletin - July 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle Critical Patch Update Advisory - April 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus ...
Oracle Solaris Third Party Bulletin - October 2016 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...

References

CWE-264https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3Ehttp://www.securitytracker.com/id/1037144http://www.securityfocus.com/bid/93939http://www.debian.org/security/2016/dsa-3720https://access.redhat.com/errata/RHSA-2017:2247https://access.redhat.com/errata/RHSA-2017:0456https://access.redhat.com/errata/RHSA-2017:0455http://rhn.redhat.com/errata/RHSA-2017-0457.htmlhttps://security.netapp.com/advisory/ntap-20180605-0001/https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3Ehttps://usn.ubuntu.com/4557-1/https://nvd.nist.govhttp://tools.cisco.com/security/center/viewAlert.x?alertId=49527https://usn.ubuntu.com/3177-2/