Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2016-0706 - Vulnerability Database

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2016-0706

Medium
Reference: CVE-2016-0706
Title: Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

Apache Tomcat 6.x before 6.0.45 7.x before 7.0.68 8.x before 8.0.31 and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests and consequently discover session ID values via a crafted web application.