
CVE-2016-6797

Published: 28 October 2016

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
tomcat6
Upstream: Released (6.0.47)
Ubuntu 21.10 (Impish Indri): Does not exist
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 ESM (Xenial Xerus): Released (6.0.45+dfsg-1ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://svn.apache.org/viewvc?view=revision&revision=1757285
Upstream: https://svn.apache.org/viewvc?view=revision&revision=1763237
tomcat7
Upstream: Released (7.0.72)
Ubuntu 21.10 (Impish Indri): Does not exist
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus): Released (7.0.68-1ubuntu0.3)
Ubuntu 14.04 ESM (Trusty Tahr): Released (7.0.52-1ubuntu0.8)
Patches:
Upstream: https://svn.apache.org/viewvc?view=revision&revision=1757275
Upstream: https://svn.apache.org/viewvc?view=revision&revision=1763236
tomcat8
Upstream: Released (8.0.37)
Ubuntu 21.10 (Impish Indri): Does not exist
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (8.0.38-2)
Ubuntu 16.04 ESM (Xenial Xerus): Released (8.0.32-1ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: https://svn.apache.org/viewvc?view=revision&revision=1757273
Upstream: https://svn.apache.org/viewvc?view=revision&revision=1763234