5
CVSSv2

CVE-2016-6797

Published: 10/08/2017 Updated: 05/10/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.10

apache tomcat 6.0.11

apache tomcat 6.0.18

apache tomcat 6.0.19

apache tomcat 6.0.27

apache tomcat 6.0.28

apache tomcat 6.0.6

apache tomcat 6.0.7

apache tomcat 6.0.14

apache tomcat 6.0.15

apache tomcat 6.0.22

apache tomcat 6.0.23

apache tomcat 6.0.24

apache tomcat 6.0.31

apache tomcat 6.0.32

apache tomcat 6.0.39

apache tomcat 6.0.40

apache tomcat 7.0.2

apache tomcat 7.0.3

apache tomcat 7.0.10

apache tomcat 7.0.11

apache tomcat 7.0.18

apache tomcat 7.0.19

apache tomcat 7.0.27

apache tomcat 7.0.28

apache tomcat 7.0.35

apache tomcat 7.0.36

apache tomcat 7.0.43

apache tomcat 7.0.44

apache tomcat 7.0.53

apache tomcat 7.0.54

apache tomcat 7.0.61

apache tomcat 7.0.62

apache tomcat 7.0.69

apache tomcat 7.0.70

apache tomcat 8.0.3

apache tomcat 8.0.4

apache tomcat 8.0.11

apache tomcat 8.0.12

apache tomcat 8.0.19

apache tomcat 8.0.20

apache tomcat 8.0.21

apache tomcat 8.0.28

apache tomcat 8.0.29

apache tomcat 8.0.36

apache tomcat 8.5.0

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.16

apache tomcat 6.0.17

apache tomcat 6.0.25

apache tomcat 6.0.26

apache tomcat 6.0.33

apache tomcat 6.0.35

apache tomcat 6.0.41

apache tomcat 6.0.42

apache tomcat 7.0.4

apache tomcat 7.0.5

apache tomcat 7.0.12

apache tomcat 7.0.13

apache tomcat 7.0.20

apache tomcat 7.0.21

apache tomcat 7.0.29

apache tomcat 7.0.30

apache tomcat 7.0.37

apache tomcat 7.0.38

apache tomcat 7.0.45

apache tomcat 6.0.34

apache tomcat 6.0.36

apache tomcat 6.0.43

apache tomcat 6.0.44

apache tomcat 7.0.6

apache tomcat 7.0.7

apache tomcat 7.0.14

apache tomcat 7.0.15

apache tomcat 7.0.22

apache tomcat 7.0.23

apache tomcat 7.0.24

apache tomcat 7.0.31

apache tomcat 7.0.32

apache tomcat 7.0.39

apache tomcat 7.0.40

apache tomcat 7.0.47

apache tomcat 7.0.48

apache tomcat 7.0.49

apache tomcat 7.0.57

apache tomcat 7.0.58

apache tomcat 7.0.65

apache tomcat 7.0.66

apache tomcat 8.0.0

apache tomcat 8.0

apache tomcat 8.0.7

apache tomcat 8.0.8

apache tomcat 8.0.15

apache tomcat 8.0.16

apache tomcat 8.0.24

apache tomcat 8.0.25

apache tomcat 8.0.32

apache tomcat 8.0.33

apache tomcat 8.5.3

apache tomcat 8.5.4

apache tomcat 9.0.0

apache tomcat 7.0.46

apache tomcat 7.0.55

apache tomcat 7.0.56

apache tomcat 7.0.63

apache tomcat 7.0.64

apache tomcat 8.0.5

apache tomcat 8.0.6

apache tomcat 8.0.13

apache tomcat 8.0.14

apache tomcat 8.0.22

apache tomcat 8.0.23

apache tomcat 8.0.30

apache tomcat 8.0.31

apache tomcat 8.5.1

apache tomcat 8.5.2

apache tomcat 6.0.4

apache tomcat 6.0.5

apache tomcat 6.0.12

apache tomcat 6.0.13

apache tomcat 6.0.20

apache tomcat 6.0.21

apache tomcat 6.0.29

apache tomcat 6.0.30

apache tomcat 6.0.37

apache tomcat 6.0.38

apache tomcat 6.0.45

apache tomcat 7.0.0

apache tomcat 7.0.1

apache tomcat 7.0.8

apache tomcat 7.0.9

apache tomcat 7.0.16

apache tomcat 7.0.17

apache tomcat 7.0.25

apache tomcat 7.0.26

apache tomcat 7.0.33

apache tomcat 7.0.34

apache tomcat 7.0.41

apache tomcat 7.0.42

apache tomcat 7.0.50

apache tomcat 7.0.52

apache tomcat 7.0.59

apache tomcat 7.0.60

apache tomcat 7.0.67

apache tomcat 7.0.68

apache tomcat 8.0.1

apache tomcat 8.0.2

apache tomcat 8.0.9

apache tomcat 8.0.10

apache tomcat 8.0.17

apache tomcat 8.0.18

apache tomcat 8.0.26

apache tomcat 8.0.27

apache tomcat 8.0.34

apache tomcat 8.0.35

Vendor Advisories

Synopsis Important: Red Hat JBoss Web Server security and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web ServerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not ...
Debian Bug report logs - #840685 TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Paul Szabo <paulszabo@sydneyeduau> Date: Thu, 13 Oct 2016 20:30:02 UT ...
Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrites, and potentially escalation of privileges For the ...
Debian Bug report logs - #842664 CVE-2016-6794: Apache Tomcat System Property Disclosure Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, ...
Debian Bug report logs - #842663 CVE-2016-5018: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, 31 ...
Debian Bug report logs - #842666 CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> ...
Debian Bug report logs - #842665 CVE-2016-6796: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, 31 ...
Debian Bug report logs - #842662 CVE-2016-0762: Apache Tomcat Realm Timing Attack Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpuorg> Date: Mon, 31 Oct ...
Debian Bug report logs - #845385 CVE-2016-9775: privilege escalation via removal Package: tomcat8; Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon) Reported by: Paul Szabo <paulszabo@sydneyeduau> Date: Tue, 22 ...
Debian Bug report logs - #845393 CVE-2016-9774: privilege escalation via upgrade Package: tomcat8; Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon) Reported by: Paul Szabo <paulszabo@sydneyeduau> Date: Tue, 22 ...
USN-3177-1 introduced a regression in Tomcat ...
Several security issues were fixed in Tomcat ...
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges (CVE-2016-6325 ) A malicious web application was able to bypass a config ...
Oracle Linux Bulletin - July 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle Critical Patch Update Advisory - April 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus ...

References

CWE-284https://lists.apache.org/thread.html/9325837eb00cba5752c092047433c7f0415134d16e7f391447ff4352@%3Cannounce.tomcat.apache.org%3Ehttp://www.securitytracker.com/id/1037145http://www.securityfocus.com/bid/93940http://www.debian.org/security/2016/dsa-3720https://access.redhat.com/errata/RHSA-2017:2247https://access.redhat.com/errata/RHSA-2017:0456https://access.redhat.com/errata/RHSA-2017:0455http://rhn.redhat.com/errata/RHSA-2017-0457.htmlhttps://security.netapp.com/advisory/ntap-20180605-0001/https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3Ehttps://usn.ubuntu.com/4557-1/http://tools.cisco.com/security/center/viewAlert.x?alertId=49528https://nvd.nist.govhttps://usn.ubuntu.com/3177-2/