2016-02-25 02:59:04 2019-04-15 18:30:19

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

Vector: NETWORK
Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Apache Tomcat 9.0.0 M1 (not an official CPE)
Apache Tomcat 8.0.30 (not an official CPE)
Apache Tomcat 8.0.29 (not an official CPE)
Apache Tomcat 8.0.26 (not an official CPE)
Apache Tomcat 8.0.27 (not an official CPE)
Apache Tomcat 8.0.28 (not an official CPE)
Apache Tomcat 8.0.24 (not an official CPE)
Apache Tomcat 8.0.23 (not an official CPE)
Apache Tomcat 8.0.22 (not an official CPE)
Apache Tomcat 8.0.21 (not an official CPE)
Apache Tomcat 8.0.20 (not an official CPE)
Apache Tomcat 8.0.18 (not an official CPE)
Apache Tomcat 8.0.17 (not an official CPE)
Apache Software Foundation Tomcat 8.0.15
Apache Software Foundation Tomcat 8.0.14
Apache Software Foundation Tomcat 8.0.12
Apache Software Foundation Tomcat 8.0.11
Apache Tomcat 8.0.3 (not an official CPE)
Apache Software Foundation Tomcat 8.0.1
Apache Software Foundation Tomcat 8.0.0 release candidate 5
Apache Tomcat 8.0.0 Rc3 (not an official CPE)
Apache Software Foundation Tomcat 8.0.0 release candidate 10
Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
Apache Tomcat 7.0.67 (not an official CPE)
Apache Tomcat 7.0.65 (not an official CPE)
Apache Tomcat 7.0.64 (not an official CPE)
Apache Tomcat 7.0.63 (not an official CPE)
Apache Tomcat 7.0.62 (not an official CPE)
Apache Tomcat 7.0.61 (not an official CPE)
Apache Tomcat 7.0.59 (not an official CPE)
Apache Software Foundation Tomcat 7.0.57
Apache Software Foundation Tomcat 7.0.56
Apache Software Foundation Tomcat 7.0.55
Apache Software Foundation Tomcat 7.0.54
Apache Tomcat 7.0.53 (not an official CPE)
Apache Tomcat 7.0.52 (not an official CPE)
Apache Software Foundation Tomcat 7.0.50
Apache Software Foundation Tomcat 7.0.47
Apache Software Foundation Tomcat 7.0.42
Apache Software Foundation Tomcat 7.0.41
Apache Software Foundation Tomcat 7.0.40
Apache Software Foundation Tomcat 7.0.39
Apache Software Foundation Tomcat 7.0.37
Apache Software Foundation Tomcat 7.0.35
Apache Software Foundation Tomcat 7.0.34
Apache Software Foundation Tomcat 7.0.33
Apache Software Foundation Tomcat 7.0.32
Apache Software Foundation Tomcat 7.0.30
Apache Software Foundation Tomcat 7.0.29
Apache Software Foundation Tomcat 7.0.28
Apache Software Foundation Tomcat 7.0.27
Apache Software Foundation Tomcat 7.0.26
Apache Software Foundation Tomcat 7.0.25
Apache Software Foundation Tomcat 7.0.23
Apache Software Foundation Tomcat 7.0.22
Apache Software Foundation Tomcat 7.0.21
Apache Software Foundation Tomcat 7.0.20
Apache Software Foundation Tomcat 7.0.19
Apache Software Foundation Tomcat 7.0.16
Apache Software Foundation Tomcat 7.0.14
Apache Software Foundation Tomcat 7.0.12
Apache Software Foundation Tomcat 7.0.4 beta
Apache Tomcat 7.0.5 Beta (not an official CPE)
Apache Software Foundation Tomcat 7.0.11
Apache Software Foundation Tomcat 7.0.10
Apache Software Foundation Tomcat 7.0.6
Apache Software Foundation Tomcat 7.0.2 beta
Apache Tomcat 6.0.44 (not an official CPE)
Apache Software Foundation Tomcat 7.0.0 beta
Apache Software Foundation Tomcat 6.0.43
Apache Tomcat 6.0.39 (not an official CPE)
Apache Software Foundation Tomcat 6.0.41
Apache Software Foundation Tomcat 6.0.37
Apache Software Foundation Tomcat 6.0.36
Apache Software Foundation Tomcat 6.0.35
Apache Software Foundation Tomcat 6.0.32
Apache Software Foundation Tomcat 6.0.33
Apache Software Foundation Tomcat 6.0.30
Apache Software Foundation Tomcat 6.0.29
Apache Software Foundation Tomcat 6.0.28
Apache Software Foundation Tomcat 6.0.24
Apache Software Foundation Tomcat 6.0.26
Apache Software Foundation Tomcat 6.0.20
Apache Software Foundation Tomcat 6.0.18
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.4 alpha
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.2 beta
Apache Software Foundation Tomcat 6.0.2 alpha
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1 alpha
Apache Software Foundation Tomcat 6.0.0 alpha
Apache Software Foundation Tomcat 6.0.0
Advisory Patch Confirmed Link
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in ...
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in ...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/d...
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in ...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/d...
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/d...
https://bto.bluecoat.com/security-advisory/sa118
RHSA-2016:1088
RHSA-2016:1087
http://www.oracle.com/technetwork/security-advisory/cpuo...
http://www.oracle.com/technetwork/topics/security/linuxb...
USN-3024-1
83324
1035069
http://www.oracle.com/technetwork/topics/security/bullet...
DSA-3530
DSA-3552
http://www.oracle.com/technetwork/security-advisory/cpuo...
http://www.oracle.com/technetwork/security-advisory/cpuj...
http://tomcat.apache.org/security-7.html
http://svn.apache.org/viewvc?view=revision&revision=1722...
DSA-3609
http://tomcat.apache.org/security-9.html
HPSBUX03561
RHSA-2016:1089
RHSA-2016:2045
RHSA-2016:2599
RHSA-2016:2807
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-6.html
http://svn.apache.org/viewvc?view=revision&revision=1722...
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in ...
http://svn.apache.org/viewvc?view=revision&revision=1722...
http://svn.apache.org/viewvc?view=revision&revision=1722...
20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security...
RHSA-2016:2808
openSUSE-SU-2016:0865
SUSE-SU-2016:0839
SUSE-SU-2016:0822
SUSE-SU-2016:0769
GLSA-201705-09
https://security.netapp.com/advisory/ntap-20180531-0001/