Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

None

Attack Vector

Network

0

CVE-2016-5018

Disclosure Date: August 10, 2017 •

CVE-2016-5018 CVSS v3 Base Score: 9.1

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.1 Critical

Impact Score:

5.2

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

None

Vendors

apache,
canonical,
debian,
netapp,
oracle,
redhat

Products

debian linux 8.0,
enterprise linux desktop 7.0,
enterprise linux eus 7.4,
enterprise linux eus 7.5,
enterprise linux eus 7.6,
enterprise linux eus 7.7,
enterprise linux server 7.0,
enterprise linux server aus 7.4,
enterprise linux server aus 7.6,
enterprise linux server aus 7.7,
enterprise linux server tus 7.6,
enterprise linux server tus 7.7,
enterprise linux workstation 7.0,
jboss enterprise application platform 6.4,
jboss enterprise web server 3.0.0,
oncommand insight -,
oncommand shift -,
snap creator framework -,
tekelec platform distribution,
tomcat,
tomcat 9.0.0,
ubuntu linux 16.04

References

Canonical

CVE-2016-5018 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5018)

BID-93942 (http://www.securityfocus.com/bid/93942)

Advisory

https://access.redhat.com/errata/RHSA-2017:1548

https://access.redhat.com/errata/RHSA-2017:1549

https://security.netapp.com/advisory/ntap-20180605-0001

https://access.redhat.com/errata/RHSA-2017:1552

SECTRACK-1038757 (http://www.securitytracker.com/id/1038757)

https://access.redhat.com/errata/RHSA-2017:2247

http://rhn.redhat.com/errata/RHSA-2017-1551.html

[announce] 20161027 [SECURITY] CVE-2016-5018 Apache Tomcat Security Manager Bypass (https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e@%3Cannounce.tomcat.apache.org%3E)

SECTRACK-1037142 (http://www.securitytracker.com/id/1037142)

http://rhn.redhat.com/errata/RHSA-2017-0457.html

https://access.redhat.com/errata/RHSA-2017:0455

https://access.redhat.com/errata/RHSA-2017:1550

DSA-3720 (http://www.debian.org/security/2016/dsa-3720)

https://access.redhat.com/errata/RHSA-2017:0456

[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ (https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ (https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E)

[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/ (https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E)

https://security.netapp.com/advisory/ntap-20180605-0001/

USN-4557-1 (https://usn.ubuntu.com/4557-1/)

Miscellaneous

http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html

https://www.oracle.com/security-alerts/cpuoct2021.html

Rapid7

Technical Analysis