Description
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
Remediation
References