Description

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Remediation

References

CVE-2016-6816

Related Vulnerabilities

WordPress Plugin Far Future Expiry Header Cross-Site Request Forgery (1.4)

WordPress Plugin BSDev.at-Importer:Serendipity Cross-Site Scripting (0.0.1)

Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-44026)

WordPress Plugin Videox7 UGC 'listid' Parameter Cross-Site Scripting (2.5.3.2)

Drupal Core 8.9.x Multiple Security Bypass Vulnerabilities (8.9.0 - 8.9.18)

Severity

High

Classification

CVE-2016-6816 CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities