Apache Tomcat Permissions Privileges and Access Controls Vulnerability - CVE-2016-0714 - Vulnerability Database

Apache Tomcat Permissions Privileges and Access Controls Vulnerability - CVE-2016-0714

High
Reference: CVE-2016-0714
Title: Apache Tomcat Permissions Privileges and Access Controls Vulnerability
Overview:

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45 7.x before 7.0.68 8.x before 8.0.31 and 9.x before 9.0.0.M2 mishandles session attributes which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.