mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #193
Closed mend-bolt-for-github[bot] closed 3 years ago
mend-bolt-for-github[bot]
commented
3 years ago :information_source: This issue was automatically closed by WhiteSource because it is a duplicate of an existing issue: #193
CVE-2016-0706 - Medium Severity Vulnerability
Tomcat Servlet Engine Core Classes and Standard implementations
path: /root/.m2/repository/org/apache/tomcat/catalina/6.0.18/catalina-6.0.18.jar
Dependency Hierarchy: - jasper-6.0.18.jar (Root Library) - :x: **catalina-6.0.18.jar** (Vulnerable Library)
Found in HEAD commit: 1d3a9da2b49a075b9122e05e19a483fc66b5aaf4
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
Publish Date: 2016-02-25
URL: CVE-2016-0706
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-0706
Release Date: 2016-02-25
Fix Resolution: 6.0.45,7.0.68,8.0.31,9.0.0.M2
Step up your Open Source Security Game with WhiteSource here