CVE-2016-6816

State: PUBLISHED · Published: 2017-03-20 · Updated: 2024-11-14 · Assigner: apache

Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

CWE

(none)

Affected

Apache Software Foundation / Apache Tomcat — v=9.0.0.M1 to 9.0.0.M11 [affected]; v=8.5.0 to 8.5.6 [affected]; v=8.0.0.RC1 to 8.0.38 [affected]; v=7.0.0 to 7.0.72 [affected]; v=6.0.0 to 6.0.47 [affected]; v=Earlier, unsupported versions may also be affected. [affected]

CVSS

(none)

References

http://rhn.redhat.com/errata/RHSA-2017-0250.html vendor-advisory, x_refsource_REDHAT
https://www.exploit-db.com/exploits/41783/ exploit, x_refsource_EXPLOIT-DB
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39 x_refsource_CONFIRM
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13 x_refsource_CONFIRM
http://www.securityfocus.com/bid/94461 vdb-entry, x_refsource_BID
http://www.debian.org/security/2016/dsa-3738 vendor-advisory, x_refsource_DEBIAN
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73 x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0244.html vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:0935 vendor-advisory, x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20180607-0001/ x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0457.html vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0246.html vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1037332 vdb-entry, x_refsource_SECTRACK
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8 x_refsource_CONFIRM
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:0455 vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0527.html vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0245.html vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:0456 vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0247.html vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4557-1/ vendor-advisory, x_refsource_UBUNTU

Source

cvelistV5-main/cves/2016/6xxx/CVE-2016-6816.json