CVE-2016-5018

CVSS v3.1 9.1 (Critical)
CVSS v2.0 6.4 (Medium)
EPSS 0.18 % (55th)
Affected Products 15
Advisories 17

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
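Affected-version check (added example; this is not part of the CVE record and not code from Apache Tomcat). The script parses Tomcat version strings, including the 8.0.0.RCn release-candidate and 9.0.0.Mn milestone forms that appear in the description, and tests them against the inclusive ranges given there. The ordering rule for pre-release tags (milestone before release candidate before the final release of the same x.y.z) is an assumption about Tomcat's numbering, and the host inventory is constructed sample data. A version in range is necessary but not sufficient for exposure: as the description says, the bypass needs a SecurityManager to be configured and a malicious web application to be deployed, so instances that run without a SecurityManager or host only trusted applications have a different risk picture.

```python
"""Match Tomcat version strings against the CVE-2016-5018 affected ranges.

Added example, not code from the CVE record or from Apache Tomcat. The ranges are
copied from the description above; the pre-release ordering rule (Mn milestones
before RCn release candidates before the final release of the same x.y.z) is an
assumption about Tomcat's version numbering.
"""
import re
from typing import Dict, List, Tuple

# Rank of the pre-release tag so that tuple comparison orders M < RC < final.
_TAG_RANK = {"M": 0, "RC": 1, "": 2}

# x.y.z optionally followed by .M<n> or .RC<n>, e.g. 8.5.4, 9.0.0.M9, 8.0.0.RC1
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(M|RC)(\d+))?$")

Version = Tuple[int, int, int, int, int]


def parse_version(text: str) -> Version:
    """Return a comparable tuple: (major, minor, patch, tag_rank, tag_number).

    '9.0.0.M9'  -> (9, 0, 0, 0, 9)
    '8.0.0.RC1' -> (8, 0, 0, 1, 1)
    '8.5.4'     -> (8, 5, 4, 2, 0)
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, tag, tag_num = m.groups()
    return (int(major), int(minor), int(patch),
            _TAG_RANK[tag or ""], int(tag_num or 0))


# Inclusive (first affected, last affected) pairs taken from the CVE description.
AFFECTED_RANGES = [
    ("9.0.0.M1", "9.0.0.M9"),
    ("8.5.0", "8.5.4"),
    ("8.0.0.RC1", "8.0.36"),
    ("7.0.0", "7.0.70"),
    ("6.0.0", "6.0.45"),
]


def is_affected(version: str) -> bool:
    """True when `version` lies inside any affected range (both ends inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return, sorted, the hosts whose reported Tomcat version is in an affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (host -> version reported by that host); not real data.
SAMPLE_INVENTORY = {
    "app-01": "8.5.4",        # last affected 8.5.x
    "app-02": "8.5.5",        # first 8.5.x past the end of the range
    "legacy-01": "7.0.70",    # last affected 7.0.x
    "build-01": "9.0.0.M9",   # last affected milestone
    "build-02": "9.0.0.M10",  # outside: M10 sorts after M9, not before it
    "rc-01": "8.0.0.RC1",     # first affected 8.0.x per the description
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Tomcat {SAMPLE_INVENTORY[host]} is in a CVE-2016-5018 affected range")
```

Feed the checker the bare version number reported by the server, with any `Apache Tomcat/` prefix stripped. The tag ranking is what keeps a naive string comparison from misclassifying `9.0.0.M10` as older than `9.0.0.M9`, or `8.0.0.RC1` as newer than `8.0.0`.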

Weaknesses
NVD-CWE-noinfo (NVD did not have enough information to assign a specific CWE)
CVE Status
PUBLISHED
CNA
Apache Software Foundation
Published Date
2017-08-10 16:29:00
Updated Date
2023-12-08 16:41:18

Affected Products


Configuration #1

  Product                               CPE 2.3                                     From        Up to (inclusive)
  Apache Tomcat 6.0.0 through 6.0.45    cpe:2.3:a:apache:tomcat                     >= 6.0.0    <= 6.0.45
  Apache Tomcat 7.0.0 through 7.0.70    cpe:2.3:a:apache:tomcat                     >= 7.0.0    <= 7.0.70
  Apache Tomcat 8.0 through 8.0.36      cpe:2.3:a:apache:tomcat                     >= 8.0      <= 8.0.36
  Apache Tomcat 8.5.0 through 8.5.4     cpe:2.3:a:apache:tomcat                     >= 8.5.0    <= 8.5.4
  Apache Tomcat 9.0.0 Milestone 1       cpe:2.3:a:apache:tomcat:9.0.0:milestone1    (exact version)
  Apache Tomcat 9.0.0 Milestone 2       cpe:2.3:a:apache:tomcat:9.0.0:milestone2    (exact version)
  Apache Tomcat 9.0.0 Milestone 3       cpe:2.3:a:apache:tomcat:9.0.0:milestone3    (exact version)
  Apache Tomcat 9.0.0 Milestone 4       cpe:2.3:a:apache:tomcat:9.0.0:milestone4    (exact version)
  Apache Tomcat 9.0.0 Milestone 5       cpe:2.3:a:apache:tomcat:9.0.0:milestone5    (exact version)
  Apache Tomcat 9.0.0 Milestone 6       cpe:2.3:a:apache:tomcat:9.0.0:milestone6    (exact version)
  Apache Tomcat 9.0.0 Milestone 7       cpe:2.3:a:apache:tomcat:9.0.0:milestone7    (exact version)
  Apache Tomcat 9.0.0 Milestone 8       cpe:2.3:a:apache:tomcat:9.0.0:milestone8    (exact version)
  Apache Tomcat 9.0.0 Milestone 9       cpe:2.3:a:apache:tomcat:9.0.0:milestone9    (exact version)

  Note: the NVD range for the 8.0 branch starts at 8.0, while the description above names 8.0.0.RC1 as the first affected 8.0 release; the release candidates are therefore in scope even though the CPE range does not list them.

Configuration #2

  Product                          CPE 2.3                                       Version
  NetApp OnCommand Insight         cpe:2.3:a:netapp:oncommand_insight:-          - (not specified)
  NetApp OnCommand Shift           cpe:2.3:a:netapp:oncommand_shift:-            - (not specified)
  NetApp Snap Creator Framework    cpe:2.3:a:netapp:snap_creator_framework:-     - (not specified)

Configuration #3

  Product                                   CPE 2.3
  Canonical Ubuntu Linux 16.04 (ESM)        cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm

Configuration #4

  Product              CPE 2.3
  Debian Linux 8.0     cpe:2.3:o:debian:debian_linux:8.0

Configuration #5

  Product                                                CPE 2.3
  Red Hat JBoss Enterprise Application Platform 6.4      cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4
  Red Hat JBoss Enterprise Web Server 3.0.0              cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0
  Red Hat Enterprise Linux Desktop 7.0                   cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  Red Hat Enterprise Linux EUS 7.4                       cpe:2.3:o:redhat:enterprise_linux_eus:7.4
  Red Hat Enterprise Linux EUS 7.5                       cpe:2.3:o:redhat:enterprise_linux_eus:7.5
  Red Hat Enterprise Linux EUS 7.6                       cpe:2.3:o:redhat:enterprise_linux_eus:7.6
  Red Hat Enterprise Linux EUS 7.7                       cpe:2.3:o:redhat:enterprise_linux_eus:7.7
  Red Hat Enterprise Linux Server 7.0                    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Red Hat Enterprise Linux Server AUS 7.4                cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  Red Hat Enterprise Linux Server AUS 7.6                cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  Red Hat Enterprise Linux Server AUS 7.7                cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
  Red Hat Enterprise Linux Server TUS 7.6                cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  Red Hat Enterprise Linux Server TUS 7.7                cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
  Red Hat Enterprise Linux Workstation 7.0               cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #6

  Product                                                 CPE 2.3                                         From        Up to (inclusive)
  Oracle Tekelec Platform Distribution 7.4.0 through 7.7.1  cpe:2.3:a:oracle:tekelec_platform_distribution  >= 7.4.0    <= 7.7.1