ubuntu-cve-2016-6794
Vulnerability from osv_ubuntu
Published
2016-10-28 00:00
Modified
2026-06-04 10:36
Summary
Details

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

Severity

{
  "affected": [
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libservlet3.0-java",
            "binary_version": "7.0.52-1ubuntu0.8"
          },
          {
            "binary_name": "libtomcat7-java",
            "binary_version": "7.0.52-1ubuntu0.8"
          },
          {
            "binary_name": "tomcat7",
            "binary_version": "7.0.52-1ubuntu0.8"
          },
          {
            "binary_name": "tomcat7-admin",
            "binary_version": "7.0.52-1ubuntu0.8"
          },
          {
            "binary_name": "tomcat7-common",
            "binary_version": "7.0.52-1ubuntu0.8"
          },
          {
            "binary_name": "tomcat7-docs",
            "binary_version": "7.0.52-1ubuntu0.8"
          },
          {
            "binary_name": "tomcat7-examples",
            "binary_version": "7.0.52-1ubuntu0.8"
          },
          {
            "binary_name": "tomcat7-user",
            "binary_version": "7.0.52-1ubuntu0.8"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "tomcat7",
        "purl": "pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.8?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.52-1ubuntu0.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7.0.42-1",
        "7.0.47-1",
        "7.0.50-1",
        "7.0.52-1",
        "7.0.52-1ubuntu0.1",
        "7.0.52-1ubuntu0.3",
        "7.0.52-1ubuntu0.6",
        "7.0.52-1ubuntu0.7"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "libservlet2.4-java",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "libservlet2.5-java",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "libtomcat6-java",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "tomcat6",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "tomcat6-admin",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "tomcat6-common",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "tomcat6-docs",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "tomcat6-examples",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "tomcat6-extras",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          },
          {
            "binary_name": "tomcat6-user",
            "binary_version": "6.0.39-1ubuntu0.1+esm3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:Pro:14.04:LTS",
        "name": "tomcat6",
        "purl": "pkg:deb/ubuntu/tomcat6@6.0.39-1ubuntu0.1+esm3?arch=source\u0026distro=esm-infra-legacy/trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "6.0.37-1",
        "6.0.39-1",
        "6.0.39-1ubuntu0.1",
        "6.0.39-1ubuntu0.1+esm1",
        "6.0.39-1ubuntu0.1+esm2",
        "6.0.39-1ubuntu0.1+esm3"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libservlet2.5-java",
            "binary_version": "6.0.45+dfsg-1ubuntu0.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "tomcat6",
        "purl": "pkg:deb/ubuntu/tomcat6@6.0.45+dfsg-1ubuntu0.1?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.0.45+dfsg-1ubuntu0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "6.0.41-4",
        "6.0.45+dfsg-1"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libservlet3.0-java",
            "binary_version": "7.0.68-1ubuntu0.3"
          },
          {
            "binary_name": "libtomcat7-java",
            "binary_version": "7.0.68-1ubuntu0.3"
          },
          {
            "binary_name": "tomcat7",
            "binary_version": "7.0.68-1ubuntu0.3"
          },
          {
            "binary_name": "tomcat7-admin",
            "binary_version": "7.0.68-1ubuntu0.3"
          },
          {
            "binary_name": "tomcat7-common",
            "binary_version": "7.0.68-1ubuntu0.3"
          },
          {
            "binary_name": "tomcat7-docs",
            "binary_version": "7.0.68-1ubuntu0.3"
          },
          {
            "binary_name": "tomcat7-examples",
            "binary_version": "7.0.68-1ubuntu0.3"
          },
          {
            "binary_name": "tomcat7-user",
            "binary_version": "7.0.68-1ubuntu0.3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "tomcat7",
        "purl": "pkg:deb/ubuntu/tomcat7@7.0.68-1ubuntu0.3?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.68-1ubuntu0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "7.0.64-1",
        "7.0.68-1",
        "7.0.68-1ubuntu0.1"
      ]
    },
    {
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "libservlet3.1-java",
            "binary_version": "8.0.32-1ubuntu1.3"
          },
          {
            "binary_name": "libtomcat8-java",
            "binary_version": "8.0.32-1ubuntu1.3"
          },
          {
            "binary_name": "tomcat8",
            "binary_version": "8.0.32-1ubuntu1.3"
          },
          {
            "binary_name": "tomcat8-admin",
            "binary_version": "8.0.32-1ubuntu1.3"
          },
          {
            "binary_name": "tomcat8-common",
            "binary_version": "8.0.32-1ubuntu1.3"
          },
          {
            "binary_name": "tomcat8-docs",
            "binary_version": "8.0.32-1ubuntu1.3"
          },
          {
            "binary_name": "tomcat8-examples",
            "binary_version": "8.0.32-1ubuntu1.3"
          },
          {
            "binary_name": "tomcat8-user",
            "binary_version": "8.0.32-1ubuntu1.3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "tomcat8",
        "purl": "pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.3?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.32-1ubuntu1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "8.0.26-1",
        "8.0.28-1",
        "8.0.30-1",
        "8.0.32-1",
        "8.0.32-1ubuntu1",
        "8.0.32-1ubuntu1.1",
        "8.0.32-1ubuntu1.2"
      ]
    }
  ],
  "aliases": [],
  "details": "When a SecurityManager is configured, a web application\u0027s ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
  "id": "UBUNTU-CVE-2016-6794",
  "modified": "2026-06-04T10:36:08Z",
  "published": "2016-10-28T00:00:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2016-6794"
    },
    {
      "type": "REPORT",
      "url": "http://markmail.org/message/zk7w6yly5mviocci?q=list:org.apache.tomcat.announce/"
    },
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-3177-1"
    },
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-4557-1"
    },
    {
      "type": "REPORT",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
    }
  ],
  "related": [
    "USN-3177-1",
    "USN-4557-1"
  ],
  "schema_version": "1.7.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "low",
      "type": "Ubuntu"
    }
  ],
  "upstream": [
    "CVE-2016-6794"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…