|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-04-05 | |
| Rule Name: | Apache Tomcat Security Policy Bypass Vulnerability (CVE-2016-6816) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. | |
| Affected OS: | Windows, Solaris, Other Unix, FreeBSD, Linux | |
| Reference: | SecurityFocusBID:94461 ExploitDB:41783 http://rhn.redhat.com/errata/RHSA-2017-0244.html http://rhn.redhat.com/errata/RHSA-2017-0245.html |
|
| Solutions |
|---|
| The vendor has updated advisory on its official website. Please check it for more information. |