exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

CVE-2016-6816

Status Candidate

Overview

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Related Files

Micro Focus Security Bulletin MFSBGN03837 1
Posted Dec 13, 2018
Authored by Micro Focus | Site microfocus.com

Micro Focus Security Bulletin MFSBGN03837 1 - A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability, xss
advisories | CVE-2016-6816, CVE-2017-5664
MD5 | b78255fa627420eca82d0a77ad0d256d
Red Hat Security Advisory 2017-0935-01
Posted Apr 12, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0935-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-8745
MD5 | 1a0843f609cc1ae1d269c24a2bcffac6
Apache Tomcat 6 / 7 / 8 / 9 Information Disclosure
Posted Apr 4, 2017
Authored by justpentest

Apache Tomcat versions 6, 7, 8, and 9 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2016-6816
MD5 | 942614a36395e6f4a853a5410f19ae8d
Red Hat Security Advisory 2017-0527-01
Posted Mar 15, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0527-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. Security Fix: It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-8745
MD5 | 669e5602ebd142296bc284d8dfca2810
Red Hat Security Advisory 2017-0457-01
Posted Mar 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0457-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-1240, CVE-2016-3092, CVE-2016-5018, CVE-2016-6325, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
MD5 | 72037ef84e99df951756d0280ca62e3b
Red Hat Security Advisory 2017-0456-01
Posted Mar 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0456-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-1240, CVE-2016-3092, CVE-2016-5018, CVE-2016-6325, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
MD5 | 4c3f88c9c6f20f34b15d02d8aa8ee2c5
Red Hat Security Advisory 2017-0455-01
Posted Mar 8, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0455-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements. Multiple security issues have been addressed.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2016-0762, CVE-2016-1240, CVE-2016-3092, CVE-2016-5018, CVE-2016-6325, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
MD5 | a27e7563c89f4cc7f31db3509fc19ec6
Red Hat Security Advisory 2017-0250-01
Posted Feb 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0250-01 - The jboss-ec2-eap package provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.12. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

tags | advisory, web, local
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656
MD5 | 56ab7536ceaa7f44a0afb2546323a243
Red Hat Security Advisory 2017-0244-01
Posted Feb 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0244-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656
MD5 | e52d00662cb3acd1d1e100c02841cec2
Red Hat Security Advisory 2017-0245-01
Posted Feb 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0245-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656
MD5 | 902e16c21ee6b05a8cdc81ab53a2805c
Red Hat Security Advisory 2017-0247-01
Posted Feb 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0247-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656
MD5 | fe83ea560368dd7511c1fe83291099e5
Red Hat Security Advisory 2017-0246-01
Posted Feb 3, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0246-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release of Red Hat JBoss Enterprise Application Platform 6.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.12, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix: It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

tags | advisory, java, local
systems | linux, redhat
advisories | CVE-2016-6816, CVE-2016-7061, CVE-2016-8627, CVE-2016-8656
MD5 | 594fdfa1499ef21eb79f882a4fe9fea5
Ubuntu Security Notice USN-3177-2
Posted Feb 3, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3177-2 - USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem. It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-0762, CVE-2016-5018, CVE-2016-5388, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745
MD5 | a4473c09ce939b838899260feea7b8ff
Ubuntu Security Notice USN-3177-1
Posted Jan 24, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3177-1 - It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn't exist. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-0762, CVE-2016-5018, CVE-2016-5388, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797, CVE-2016-6816, CVE-2016-8735, CVE-2016-8745, CVE-2016-9774, CVE-2016-9775
MD5 | 5d508723e0a0c4bb457b9e1eca24e638
Debian Security Advisory 3738-1
Posted Dec 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3738-1 - Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.

tags | advisory, remote, vulnerability, code execution, info disclosure
systems | linux, debian
advisories | CVE-2016-6816, CVE-2016-8735, CVE-2016-9774, CVE-2016-9775
MD5 | 7182d2e57c5416d48fa5e7643c2b2390
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close