CVE-2016-5018 — CRITICAL (9.1)

Q: How severe is CVE-2016-5018?

CVE-2016-5018 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2016-5018?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Netapp Oncommand Insight, Netapp Oncommand Shift, Netapp Snap Creator Framework, Canonical Ubuntu Linux.

Vulnerability Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Tomcat	>= 6.0.0, <= 6.0.45
Netapp	Oncommand Insight	-
Netapp	Oncommand Shift	-
Netapp	Snap Creator Framework	-
Canonical	Ubuntu Linux	16.04
Debian	Debian Linux	8.0
Redhat	Jboss Enterprise Application Platform	6.4
Redhat	Jboss Enterprise Web Server	3.0.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Eus	7.4
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Workstation	7.0
Oracle	Tekelec Platform Distribution	>= 7.4.0, <= 7.7.1

References

http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.htmlExploitThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2017-0457.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2017-1551.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3720Third Party Advisory
http://www.securityfocus.com/bid/93942Broken Link
http://www.securitytracker.com/id/1037142Broken Link
http://www.securitytracker.com/id/1038757Broken Link
https://access.redhat.com/errata/RHSA-2017:0455Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:0456Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1548Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1549Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1550Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1552Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2247Third Party Advisory
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e8

FAQ

What is CVE-2016-5018?

CVE-2016-5018 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat...

How severe is CVE-2016-5018?

CVE-2016-5018 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2016-5018?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Netapp Oncommand Insight, Netapp Oncommand Shift, Netapp Snap Creator Framework, Canonical Ubuntu Linux.