Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2016-0706
Description:Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/ list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2016-0706
BugTraq ID: 83324
Bugtraq: 20160222 [SECURITY] CVE-2016-0706 Apache Tomcat Security Manager bypass (Google Search)
Debian Security Information: DSA-3530 (Google Search)
Debian Security Information: DSA-3552 (Google Search)
Debian Security Information: DSA-3609 (Google Search)
HPdes Security Advisory: HPSBUX03561
RedHat Security Advisories: RHSA-2016:1087
RedHat Security Advisories: RHSA-2016:1088
RedHat Security Advisories: RHSA-2016:1089
RedHat Security Advisories: RHSA-2016:2045
RedHat Security Advisories: RHSA-2016:2599
RedHat Security Advisories: RHSA-2016:2807
RedHat Security Advisories: RHSA-2016:2808
SuSE Security Announcement: SUSE-SU-2016:0769 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:0822 (Google Search)
SuSE Security Announcement: SUSE-SU-2016:0839 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:0865 (Google Search)

© 1998-2022 E-Soft Inc. All rights reserved.