CVE-2016-6816
Published: 23 November 2016
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
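One way to enforce a strict request line in front of an application server, so that it and a proxy cannot interpret the same bytes differently. This is an added example, not Tomcat's code or part of the advisory; `check_request_line` and the sample request lines are hypothetical and constructed for illustration, and the allowed character set is the one RFC 3986 defines for URIs.

```python
import re

# RFC 7230 "token" characters, used for the method.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Characters RFC 3986 permits in a URI: unreserved, gen-delims, sub-delims,
# and "%" only when it starts a two-digit hex escape.
TARGET = re.compile(r"(?:[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=]|%[0-9A-Fa-f]{2})+")
VERSION = re.compile(r"HTTP/[0-9]\.[0-9]")


def check_request_line(raw: bytes):
    """Return (ok, reason) for one raw request line (hypothetical helper)."""
    try:
        line = raw.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII byte in request line"
    if not line.endswith("\r\n"):
        return False, "request line not terminated by CRLF"
    # Exactly: method SP request-target SP HTTP-version
    parts = line[:-2].split(" ")
    if len(parts) != 3:
        return False, "expected exactly two single spaces"
    method, target, version = parts
    if not TOKEN.fullmatch(method):
        return False, "invalid method token"
    if not TARGET.fullmatch(target):
        return False, "invalid character in request-target"
    if not VERSION.fullmatch(version):
        return False, "invalid HTTP version"
    return True, "ok"


# Constructed sample request lines (not taken from the advisory).
SAMPLES = [
    b"GET /index.jsp?q=a%20b HTTP/1.1\r\n",  # valid: space is percent-encoded
    b"GET /index.jsp?q=a b HTTP/1.1\r\n",    # raw space inside the target
    b"GET /x?f={y} HTTP/1.1\r\n",            # "{" and "}" are not URI characters
    b"GET /x\tHTTP/1.1\r\n",                 # tab used as a separator
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_request_line(sample)
        print("accept" if ok else "reject (400)", repr(sample), "-", reason)
```

Requests that fail the check should be answered with 400 and logged, rather than repaired and forwarded.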
Priority
Status
Package | Release | Status |
---|---|---|
tomcat6 | artful | Does not exist |
tomcat6 | bionic | Does not exist |
tomcat6 | cosmic | Does not exist |
tomcat6 | disco | Does not exist |
tomcat6 | eoan | Does not exist |
tomcat6 | focal | Does not exist |
tomcat6 | groovy | Does not exist |
tomcat6 | hirsute | Does not exist |
tomcat6 | impish | Does not exist |
tomcat6 | jammy | Does not exist |
tomcat6 | kinetic | Does not exist |
tomcat6 | lunar | Does not exist |
tomcat6 | mantic | Does not exist |
tomcat6 | noble | Does not exist |
tomcat6 | precise | Released (6.0.35-1ubuntu3.9) |
tomcat6 | trusty | Needed |
tomcat6 | upstream | Released (6.0.48) |
tomcat6 | xenial | Released (6.0.45+dfsg-1ubuntu0.1) |
tomcat6 | yakkety | Does not exist |
tomcat6 | zesty | Does not exist |

Patches (tomcat6):
- upstream: https://svn.apache.org/viewvc?view=revision&revision=1720418
- upstream: https://svn.apache.org/viewvc?view=revision&revision=1743650
- upstream: http://svn.apache.org/r1767683

Package | Release | Status |
---|---|---|
tomcat7 | artful | Not vulnerable (7.0.73-1) |
tomcat7 | bionic | Not vulnerable (7.0.73-1) |
tomcat7 | cosmic | Not vulnerable (7.0.73-1) |
tomcat7 | disco | Does not exist |
tomcat7 | eoan | Does not exist |
tomcat7 | focal | Does not exist |
tomcat7 | groovy | Does not exist |
tomcat7 | hirsute | Does not exist |
tomcat7 | impish | Does not exist |
tomcat7 | jammy | Does not exist |
tomcat7 | kinetic | Does not exist |
tomcat7 | lunar | Does not exist |
tomcat7 | mantic | Does not exist |
tomcat7 | noble | Does not exist |
tomcat7 | precise | Ignored (end of life) |
tomcat7 | trusty | Released (7.0.52-1ubuntu0.8) |
tomcat7 | upstream | Released (7.0.73) |
tomcat7 | xenial | Released (7.0.68-1ubuntu0.3) |
tomcat7 | yakkety | Ignored (end of life) |
tomcat7 | zesty | Not vulnerable (7.0.73-1) |

Patches (tomcat7):
- upstream: http://svn.apache.org/r1767675

Package | Release | Status |
---|---|---|
tomcat8 | artful | Released (8.0.38-2ubuntu1) |
tomcat8 | bionic | Released (8.0.38-2ubuntu1) |
tomcat8 | cosmic | Released (8.0.38-2ubuntu1) |
tomcat8 | disco | Does not exist |
tomcat8 | eoan | Does not exist |
tomcat8 | focal | Does not exist |
tomcat8 | groovy | Does not exist |
tomcat8 | hirsute | Does not exist |
tomcat8 | impish | Does not exist |
tomcat8 | jammy | Does not exist |
tomcat8 | kinetic | Does not exist |
tomcat8 | lunar | Does not exist |
tomcat8 | mantic | Does not exist |
tomcat8 | noble | Does not exist |
tomcat8 | precise | Does not exist |
tomcat8 | trusty | Does not exist |
tomcat8 | upstream | Released (8.0.39) |
tomcat8 | xenial | Released (8.0.32-1ubuntu1.3) |
tomcat8 | yakkety | Released (8.0.37-1ubuntu0.1) |
tomcat8 | zesty | Released (8.0.38-2ubuntu1) |

Patches (tomcat8):
- upstream: http://svn.apache.org/r1767653

Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |