CVE-2016-6794MEDIUM
Description
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
References
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://www.debian.org/security/2016/dsa-3720
http://www.securityfocus.com/bid/93943
http://www.securitytracker.com/id/1037143
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:2247
https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E
Details
Source: MITRE
Published: 2017-08-10
Updated: 2020-10-05
Type: CWE-200
Risk Information
CVSS v2.0
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 3.9
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.58:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.60:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.66:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.68:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.69:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.70:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m3:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m4:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m6:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:9.0.0:m7:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 141092 | Ubuntu 16.04 LTS : Tomcat vulnerabilities (USN-4557-1) | Nessus | Ubuntu Local Security Checks | high |
| 103030 | EulerOS 2.0 SP2 : tomcat (EulerOS-SA-2017-1192) | Nessus | Huawei Local Security Checks | medium |
| 103029 | EulerOS 2.0 SP1 : tomcat (EulerOS-SA-2017-1191) | Nessus | Huawei Local Security Checks | medium |
| 102756 | CentOS 7 : tomcat (CESA-2017:2247) | Nessus | CentOS Local Security Checks | medium |
| 102664 | Scientific Linux Security Update : tomcat on SL7.x (noarch) (20170802) | Nessus | Scientific Linux Local Security Checks | medium |
| 102300 | Oracle Linux 7 : tomcat (ELSA-2017-2247) | Nessus | Oracle Linux Local Security Checks | medium |
| 102115 | RHEL 7 : tomcat (RHSA-2017:2247) | Nessus | Red Hat Local Security Checks | medium |
| 99930 | Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32) | Nessus | Misc. | high |
| 97596 | RHEL 7 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0456) | Nessus | Red Hat Local Security Checks | high |
| 97595 | RHEL 6 : Red Hat JBoss Web Server 3.1.0 (RHSA-2017:0455) | Nessus | Red Hat Local Security Checks | high |
| 96978 | Ubuntu 12.04 LTS / 14.04 LTS : tomcat6, tomcat7 regression (USN-3177-2) (httpoxy) | Nessus | Ubuntu Local Security Checks | high |
| 96720 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : tomcat6, tomcat7, tomcat8 vulnerabilities (USN-3177-1) (httpoxy) | Nessus | Ubuntu Local Security Checks | high |
| 96366 | FreeBSD : tomcat -- multiple vulnerabilities (3ae106e2-d521-11e6-ae1b-002590263bf5) | Nessus | FreeBSD Local Security Checks | medium |
| 95791 | openSUSE Security Update : tomcat (openSUSE-2016-1456) | Nessus | SuSE Local Security Checks | high |
| 95790 | openSUSE Security Update : tomcat (openSUSE-2016-1455) | Nessus | SuSE Local Security Checks | high |
| 95455 | Debian DLA-729-1 : tomcat7 security update | Nessus | Debian Local Security Checks | high |
| 95454 | Debian DLA-728-1 : tomcat6 security update | Nessus | Debian Local Security Checks | high |
| 95034 | Debian DSA-3721-1 : tomcat7 - security update | Nessus | Debian Local Security Checks | medium |
| 95033 | Debian DSA-3720-1 : tomcat8 - security update | Nessus | Debian Local Security Checks | medium |
| 94997 | Fedora 25 : 1:tomcat (2016-38e5b05260) (httpoxy) | Nessus | Fedora Local Security Checks | high |
| 94748 | Fedora 24 : 1:tomcat (2016-c1b01b9278) (httpoxy) | Nessus | Fedora Local Security Checks | high |
| 94747 | Fedora 23 : 1:tomcat (2016-4094bd4ad6) (httpoxy) | Nessus | Fedora Local Security Checks | high |
| 94684 | Amazon Linux AMI : tomcat6 / tomcat7,tomcat8 (ALAS-2016-764) | Nessus | Amazon Linux Local Security Checks | high |
| 9723 | Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 9721 | Apache Tomcat 8.5.x < 8.5.5 / 9.0.0.x < 9.0.0.M10 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 94578 | Apache Tomcat 6.0.x < 6.0.47 / 7.0.x < 7.0.72 / 8.0.x < 8.0.37 / 8.5.x < 8.5.5 / 9.0.x < 9.0.0.M10 Multiple Vulnerabilities | Nessus | Web Servers | medium |