CVE-2016-0706 (Medium) detected in multiple libraries - autoclosed #223
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-jackfan.us.kg
bot
added
the
Mend: dependency security vulnerability
This was referenced Nov 3, 2021
1 task
mend-for-jackfan.us.kg
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2016-0706 - Medium Severity Vulnerability
tomcat-catalina-8.0.14.jar
Tomcat Servlet Engine Core Classes and Standard implementations
Path to dependency file: /dd-java-agent/instrumentation/classloading/tomcat-testing/tomcat-testing.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat/tomcat-catalina/8.0.14/1ab50f40dba33c2f2ec99a160fd00e739f36b24b/tomcat-catalina-8.0.14.jar
Dependency Hierarchy:
tomcat-embed-core-7.0.0.jar
Core Tomcat implementation
Path to dependency file: /dd-java-agent/instrumentation/java-concurrent/lambda-testing/lambda-testing.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar,/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.0/a5d50d1a993f78091f62d1b4afcd553fe7295ebb/tomcat-embed-core-7.0.0.jar
Dependency Hierarchy:
tomcat-embed-core-7.0.37.jar
Core Tomcat implementation
Library home page: http://tomcat.apache.org/
Path to dependency file: /dd-java-agent/instrumentation/jsp-2.3/jsp-2.3.gradle
Path to vulnerable library: /caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.37/13754cedeae4b94451b4563111fad71dab9ae619/tomcat-embed-core-7.0.37.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.tomcat.embed/tomcat-embed-core/7.0.37/13754cedeae4b94451b4563111fad71dab9ae619/tomcat-embed-core-7.0.37.jar
Dependency Hierarchy:
Found in HEAD commit: 2819174635979a19573ec0ce8e3e2b63a3848079
Found in base branch: master
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
Publish Date: 2016-02-25
URL: CVE-2016-0706
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0706
Release Date: 2016-02-25
Fix Resolution: 7.0.68
⛑️ Automatic Remediation is available for this issue
The text was updated successfully, but these errors were encountered: