Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Tomcat Permissions Privileges and Access Controls Vulnerability - CVE-2016-0714 - Vulnerability Database
Apache Tomcat

Apache Tomcat Permissions Privileges and Access Controls Vulnerability - CVE-2016-0714

High
Reference: CVE-2016-0714
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2016-0714
Title: Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Overview:

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45 7.x before 7.0.68 8.x before 8.0.31 and 9.x before 9.0.0.M2 mishandles session attributes which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.