CVE-2016-5018
critical
CVSS v3
9.1
CVSS v4 NEW
โ
VIR risk
9.1
Description
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Predictions
Exploit likelihood
94%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Debian Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8.0 | Affected | โ |
Red Hat Affected 5 releases
| Version | Status | Fixed in |
|---|---|---|
| 7.7 | Affected | โ |
| 7.6 | Affected | โ |
| 7.5 | Affected | โ |
| 7.4 | Affected | โ |
| 7.0 | Affected | โ |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
Ubuntu Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| 16.04 | Affected | โ |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.tomcat:tomcat-jasper | >=9.0.0.M1,<9.0.0.M10 | 9.0.0.M10 |
| Maven | org.apache.tomcat:tomcat-jasper | >=8.5.0,<8.5.5 | 8.5.5 |
| Maven | org.apache.tomcat:tomcat-jasper | >=8.0.0RC1,<8.0.37 | 8.0.37 |
| Maven | org.apache.tomcat:tomcat-jasper | >=7.0.0,<7.0.72 | 7.0.72 |
| Maven | org.apache.tomcat:jasper | >=6.0.0,<6.0.47 | 6.0.47 |
| Maven | org.apache.tomcat.embed:tomcat-embed-jasper | >=9.0.0.M1,<9.0.0.M10 | 9.0.0.M10 |
| Maven | org.apache.tomcat.embed:tomcat-embed-jasper | >=8.5.0,<8.5.5 | 8.5.5 |
| Maven | org.apache.tomcat.embed:tomcat-embed-jasper | >=8.0.0RC1,<8.0.37 | 8.0.37 |
| Maven | org.apache.tomcat.embed:tomcat-embed-jasper | >=7.0.0,<7.0.72 | 7.0.72 |
| Maven | org.apache.tomcat.embed:tomcat-embed-jasper | >=6.0.0,<6.0.47 | 6.0.47 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | tomcat | {"startIncluding":"6.0.0","endIncluding":"6.0.45"} | |
| apache | tomcat | 9.0.0 | |
| netapp | oncommand_insight | - | |
| netapp | oncommand_shift | - | |
| netapp | snap_creator_framework | - | |
| redhat | jboss_enterprise_application_platform | 6.4 | |
| redhat | jboss_enterprise_web_server | 3.0.0 | |
| oracle | tekelec_platform_distribution | {"startIncluding":"7.4.0","endIncluding":"7.7.1"} | |
References
- https://www.suse.com/security/cve/CVE-2016-5018.html
- http://packetstormsecurity.com/files/155873/Tomcat-9.0.0.M1-Sandbox-Escape.html
- http://rhn.redhat.com/errata/RHSA-2017-0457.html
- http://rhn.redhat.com/errata/RHSA-2017-1551.html
- http://www.debian.org/security/2016/dsa-3720
- http://www.securityfocus.com/bid/93942
- http://www.securitytracker.com/id/1037142
- http://www.securitytracker.com/id/1038757
- https://access.redhat.com/errata/RHSA-2017:0455
- https://access.redhat.com/errata/RHSA-2017:0456
- https://access.redhat.com/errata/RHSA-2017:1548
- https://access.redhat.com/errata/RHSA-2017:1549
- https://access.redhat.com/errata/RHSA-2017:1550
- https://access.redhat.com/errata/RHSA-2017:1552
- https://access.redhat.com/errata/RHSA-2017:2247
- https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/9b3a63a20c87179815fdea14f6766853bafe79a0042dc0b4aa878a9e%40%3Cannounce.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.