6.8
CVSSv2

CVE-2016-6816

Published: 20/03/2017 Updated: 15/04/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.1 | Impact Score: 3.7 | Exploitability Score: 2.8
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Affected Products

Vendor Product Versions
ApacheTomcat6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.34, 6.0.35, 6.0.36, 6.0.37, 6.0.38, 6.0.39, 6.0.40, 6.0.41, 6.0.42, 6.0.43, 6.0.44, 6.0.45, 6.0.46, 6.0.47, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.51, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.58, 7.0.59, 7.0.60, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.66, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.71, 7.0.72, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33, 8.0.34, 8.0.35, 8.0.36, 8.0.37, 8.0.38, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 9.0.0

Vendor Advisories

Synopsis Moderate: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulne ...
Synopsis Moderate: tomcat6 security update Type/Severity Security Advisory: Moderate Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Moderate: tomcat security update Type/Severity Security Advisory: Moderate Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 6Red Hat Product Security has rated this update as having a security impact of Importa ...
Synopsis Important: jboss-ec2-eap security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 6Red Hat Product Security has rated this update as having a security impac ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Importa ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for RHEL 5Red Hat Product Security has rated this update as having a security impact of Importa ...
It was discovered that the code that parsed the HTTP request line permitted invalid characters This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response By manipulating the HTTP response the attacker could poison a web-cache, perform a ...
It was discovered that the code that parsed the HTTP request line permittedinvalid characters This could be exploited, in conjunction with a proxy thatalso permitted the invalid characters but with a different interpretation, toinject data into the HTTP response By manipulating the HTTP response theattacker could poison a web-cache, perform an XS ...
CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener ...
CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener ...
CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener ...
Synopsis Important: Red Hat JBoss Web Server security and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web ServerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts Those flaws allowed for privilege escalation, information disclosure, and remote code execution As part of this update, several regressions stemming from incomplete fixes for previous vulnerabilities were al ...
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts Those flaws allowed for privilege escalation, information disclosure, and remote code execution As part of this update, several regressions stemming from incomplete fixes for previous vulnerabilities were al ...
Arch Linux Security Advisory ASA-201611-22 ========================================== Severity: High Date : 2016-11-23 CVE-ID : CVE-2016-6816 CVE-2016-8735 Package : tomcat6 Type : multiple issues Remote : Yes Link : wikiarchlinuxorg/indexphp/CVE Summary ======= The package tomcat6 before version 6048-1 is vulnerable to m ...
USN-3177-1 introduced a regression in Tomcat ...
Several security issues were fixed in Tomcat ...
Oracle Solaris Third Party Bulletin - January 2017 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...
Oracle Linux Bulletin - January 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...
Oracle Linux Bulletin - April 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...
Multiple vulnerabilities have been found in JP1/Network Node Manager i CVE-2016-6816, CVE-2017-5664 Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Oracle Critical Patch Update Advisory - April 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus ...
Oracle Critical Patch Update Advisory - October 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...

Exploits

# Exploit Title:Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability # Date: 4th March 2017 # Exploit Author: justpentest # Vendor Homepage: tomcatapacheorg # Version: Apache Tomcat 900M1 through 900M11, 850 through 856, 800RC1 through 8038, 700 through 7072 and 600 through 6047 # Contact: transform2secure@gmailcom ...

Mailing Lists

Apache Tomcat versions 6, 7, 8, and 9 suffer from an information disclosure vulnerability ...
Note: the current version of the following document is available here: softwaresupportsoftwaregrpcom/document/-/facetsearch/document/KM03302206 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03302206 Version: 1 MFSBGN03837 rev1 - Network Node Manager i, Multiple Vulnerabilities NOTICE: The information in this Security Bulle ...

Github Repositories

Twitter: @Hktalent3135773 see Pro online to 51pwncom, or exploit-poccom penetration tools dependencies Command Description kali linux recommend system node js program runtime javac、java auto generate payload metasploit auto generate payload,and autoexploit gcc auto generate payload tmux auto background send payload, shell

References

CWE-20http://rhn.redhat.com/errata/RHSA-2017-0244.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0245.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0246.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0247.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0250.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0457.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0527.htmlhttp://www.debian.org/security/2016/dsa-3738http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.securityfocus.com/bid/94461http://www.securitytracker.com/id/1037332https://access.redhat.com/errata/RHSA-2017:0455https://access.redhat.com/errata/RHSA-2017:0456https://access.redhat.com/errata/RHSA-2017:0935https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20180607-0001/https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13https://www.exploit-db.com/exploits/41783/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2016-6816https://access.redhat.com/errata/RHSA-2017:0247https://www.exploit-db.com/exploits/41783/https://nvd.nist.govhttps://usn.ubuntu.com/3177-2/https://www.rapid7.com/db/vulnerabilities/debian-cve-2017-6056