Vulnerability Description
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, and 6.0.0 to 6.0.45, the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible to it.
CVSS Score
5.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | >= 6.0.0, <= 6.0.45 |
| Debian | Debian Linux | 8.0 |
| Redhat | Jboss Enterprise Web Server | 3.0.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 7.4 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Netapp | Oncommand Insight | - |
| Netapp | Oncommand Shift | - |
| Netapp | Snap Creator Framework | - |
| Canonical | Ubuntu Linux | 16.04 |
| Oracle | Tekelec Platform Distribution | >= 7.4.0, <= 7.7.1 |
References
- http://rhn.redhat.com/errata/RHSA-2017-0457.html (Third Party Advisory)
- http://www.debian.org/security/2016/dsa-3720 (Third Party Advisory)
- http://www.securityfocus.com/bid/93943 (Broken Link)
- http://www.securitytracker.com/id/1037143 (Broken Link)
- https://access.redhat.com/errata/RHSA-2017:0455 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:0456 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:2247 (Third Party Advisory)
- https://lists.apache.org/thread.html/09d2f2c65ac4ff5da42f15dc2b0f78b655e50f1a42e
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e8
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbea
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f9
- https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85
FAQ
What is CVE-2016-6794?
CVE-2016-6794 is a vulnerability with a CVSS score of 5.3 (MEDIUM). When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC...
How severe is CVE-2016-6794?
CVE-2016-6794 has been rated MEDIUM with a CVSS base score of 5.3/10. See the CVSS Score section above.
Is there a patch for CVE-2016-6794?
Check the References section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Debian Linux, Red Hat JBoss Enterprise Web Server, Red Hat Enterprise Linux Desktop, and Red Hat Enterprise Linux EUS.