Description

When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.

Remediation

References

CVE-2016-6794

Related Vulnerabilities

Oracle HTTP Server Other Vulnerability (CVE-2002-0659)

WordPress Plugin ReFlex Gallery 'php.php' Arbitrary File Upload (1.4.6)

Elgg Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0234)

WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.23)

WordPress Plugin WP Payeezy Pay Local File Inclusion (2.97)

Severity

Medium

Classification

CVE-2016-6794 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities