CVE-2016-5018
CVSSv2: 6.4

Published: 10/08/2017 Updated: 08/12/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45, a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Vulnerable Products

apache tomcat 9.0.0
apache tomcat
netapp snap creator framework
netapp oncommand insight
netapp oncommand shift
canonical ubuntu linux 16.04
debian debian linux 8.0
redhat enterprise linux desktop 7.0
redhat enterprise linux workstation 7.0
redhat jboss enterprise application platform 6.4
redhat enterprise linux server 7.0
redhat enterprise linux server aus 7.4
redhat jboss enterprise web server 3.0.0
redhat enterprise linux eus 7.4
redhat enterprise linux eus 7.5
redhat enterprise linux server tus 7.6
redhat enterprise linux server aus 7.6
redhat enterprise linux eus 7.6
redhat enterprise linux server aus 7.7
redhat enterprise linux server tus 7.7
redhat enterprise linux eus 7.7
oracle tekelec platform distribution

Vendor Advisories

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges. For the ...
USN-3177-1 introduced a regression in Tomcat ...
Several security issues were fixed in Tomcat ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6.4.16 update on RHEL 6 Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a s ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6.4.16 update on RHEL 7 Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a s ...
Synopsis Moderate: jboss-ec2-eap security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as havin ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6.4.16 update on RHEL 5 Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5. Red Hat Product Security has rated this update as having a security impact of Mod ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulne ...
Synopsis Important: Red Hat JBoss Web Server security and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges (CVE-2016-6325). A malicious web application was able to bypass a configu ...
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications ...
Debian Bug report logs - #842663 CVE-2016-5018: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, 31 ...
Debian Bug report logs - #842665 CVE-2016-6796: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, 31 ...
Debian Bug report logs - #840685 TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Paul Szabo <paulszabo@sydney.edu.au> Date: Thu, 13 Oct 2016 20:30:02 UT ...
Debian Bug report logs - #842664 CVE-2016-6794: Apache Tomcat System Property Disclosure Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, ...
Debian Bug report logs - #845393 CVE-2016-9774: privilege escalation via upgrade Package: tomcat8; Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon) Reported by: Paul Szabo <paulszabo@sydney.edu.au> Date: Tue, 22 ...
Debian Bug report logs - #842666 CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> ...
Debian Bug report logs - #842662 CVE-2016-0762: Apache Tomcat Realm Timing Attack Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, 31 Oct ...
Debian Bug report logs - #845385 CVE-2016-9775: privilege escalation via removal Package: tomcat8; Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon) Reported by: Paul Szabo <paulszabo@sydney.edu.au> Date: Tue, 22 ...

Exploits

Tomcat version 9.0.0.M1 proprietaryEvaluate sandbox escape proof of concept ...

References

NVD-CWE-noinfo
http://www.securitytracker.com/id/1038757
http://www.securitytracker.com/id/1037142
http://www.securityfocus.com/bid/93942
http://www.debian.org/security/2016/dsa-3720
https://access.redhat.com/errata/RHSA-2017:2247
https://access.redhat.com/errata/RHSA-2017:1552
https://access.redhat.com/errata/RHSA-2017:1550
https://access.redhat.com/errata/RHSA-2017:1549
https://access.redhat.com/errata/RHSA-2017:1548
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:0455
http://rhn.redhat.com/errata/RHSA-2017-1551.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
https://security.netapp.com/advisory/ntap-20180605-0001/
http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html
https://usn.ubuntu.com/4557-1/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://www.debian.org/security/./dsa-3720
https://nvd.nist.gov
https://usn.ubuntu.com/3177-2/