CVE-2016-6816
CVE-2016-6816
Vexday Risk Score
35Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS —EPSS 39.6%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
20 Mar 2017Published on NVD
04 Apr 2017Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
Affected products
Apache Software Foundation · Apache Tomcatpublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/41783/unverifiedexploitdbwww.exploit-db.com/exploits/41783unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rhn.redhat.com/errata/RHSA-2017-0244.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0245.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0246.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0247.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0250.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0457.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0527.htmlhttps://access.redhat.com/errata/RHSA-2017:0455https://access.redhat.com/errata/RHSA-2017:0456https://access.redhat.com/errata/RHSA-2017:0935https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E