CVE-2016-6816

high

Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

References

https://www.exploit-db.com/exploits/41783/

https://usn.ubuntu.com/4557-1/

https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39

https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73

https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48

https://security.netapp.com/advisory/ntap-20180607-0001/

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://access.redhat.com/errata/RHSA-2017:0935

https://access.redhat.com/errata/RHSA-2017:0456

https://access.redhat.com/errata/RHSA-2017:0455

http://www.securitytracker.com/id/1037332

http://www.securityfocus.com/bid/94461

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.debian.org/security/2016/dsa-3738

http://rhn.redhat.com/errata/RHSA-2017-0527.html

http://rhn.redhat.com/errata/RHSA-2017-0457.html

http://rhn.redhat.com/errata/RHSA-2017-0250.html

http://rhn.redhat.com/errata/RHSA-2017-0247.html

http://rhn.redhat.com/errata/RHSA-2017-0246.html

http://rhn.redhat.com/errata/RHSA-2017-0245.html

http://rhn.redhat.com/errata/RHSA-2017-0244.html

Details

Source: Mitre, NVD

Published: 2017-03-20

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Severity: High

EPSS

EPSS: 0.03104