First Last Prev Next    This bug is not in your last search results.
Bug 1007855 - (CVE-2016-5018) VUL-1: CVE-2016-5018: tomcat: Security Manager Bypass
(CVE-2016-5018)
VUL-1: CVE-2016-5018: tomcat: Security Manager Bypass
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/174182/
CVSSv2:RedHat:CVE-2016-5018:4.0:(AV:N...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-01 08:30 UTC by Victor Pereira
Modified: 2018-08-23 16:05 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2016-11-01 08:30:51 UTC 
CVE-2016-5018

Apache Tomcat Security Manager Bypass

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M9
Apache Tomcat 8.5.0 to 8.5.4
Apache Tomcat 8.0.0.RC1 to 8.0.36
Apache Tomcat 7.0.0 to 7.0.70
Apache Tomcat 6.0.0 to 6.0.45
Earlier, unsupported versions may also be affected.

Description
A malicious web application was able to bypass a configured
SecurityManager via a Tomcat utility method that was accessible to web
applications.

Mitigation
Users of affected versions should apply one of the following mitigations
- Upgrade to Apache Tomcat 9.0.0.M10 or later
- Upgrade to Apache Tomcat 8.5.5 or later
- Upgrade to Apache Tomcat 8.0.37 or later
- Upgrade to Apache Tomcat 7.0.72 or later
  (Apache Tomcat 7.0.71 has the fix but was not released)
- Upgrade to Apache Tomcat 6.0.47 or later
  (Apache Tomcat 6.0.46 has the fix but was not released)

Credit:
This issue was discovered by Alvaro Munoz of the HP Enterprise Security
Team and reported responsibly to the Apache Tomcat Security Team.

References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
[3] http://tomcat.apache.org/security-7.html
[4] http://tomcat.apache.org/security-6.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5018
http://seclists.org/oss-sec/2016/q4/259
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5018.html
Comment 1 Swamp Workflow Management 2016-11-01 23:00:37 UTC 
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2016-12-10 22:08:36 UTC 
SUSE-SU-2016:3079-1: An update that solves 7 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1002639,1004728,1007853,1007854,1007855,1007857,1007858,1010893,1011805,1011812,974407
CVE References: CVE-2016-0762,CVE-2016-5018,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-6816,CVE-2016-8735
Sources used:
SUSE Linux Enterprise Server 12-SP1 (src):    tomcat-8.0.32-10.13.2
Comment 3 Swamp Workflow Management 2016-12-10 22:12:31 UTC 
SUSE-SU-2016:3081-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1002639,1007853,1007854,1007855,1007857,1007858,1010893,1011805,1011812
CVE References: CVE-2016-0762,CVE-2016-5018,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-6816,CVE-2016-8735
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    tomcat-8.0.36-17.1
SUSE Linux Enterprise Server 12-SP2 (src):    tomcat-8.0.36-17.1
Comment 4 Swamp Workflow Management 2016-12-14 00:15:40 UTC 
openSUSE-SU-2016:3129-1: An update that solves 7 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1002639,1004728,1007853,1007854,1007855,1007857,1007858,1010893,1011805,1011812,974407
CVE References: CVE-2016-0762,CVE-2016-5018,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-6816,CVE-2016-8735
Sources used:
openSUSE Leap 42.1 (src):    apache-commons-dbcp-2.1.1-2.1, apache-commons-pool2-2.4.2-2.1, tomcat-8.0.32-11.1
Comment 5 Swamp Workflow Management 2016-12-14 00:28:49 UTC 
openSUSE-SU-2016:3144-1: An update that solves 7 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1002639,1007853,1007854,1007855,1007857,1007858,1010893,1011805,1011812
CVE References: CVE-2016-0762,CVE-2016-5018,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-6816,CVE-2016-8735
Sources used:
openSUSE Leap 42.2 (src):    apache-commons-dbcp-2.1.1-2.1, apache-commons-pool2-2.4.2-2.1, tomcat-8.0.36-4.1
Comment 6 Swamp Workflow Management 2017-06-21 10:10:37 UTC 
SUSE-SU-2017:1632-1: An update that solves 10 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1007853,1007854,1007855,1007857,1007858,1011805,1011812,1015119,1033448,1036642,988489
CVE References: CVE-2016-0762,CVE-2016-5018,CVE-2016-5388,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-6816,CVE-2016-8735,CVE-2016-8745,CVE-2017-5647
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    tomcat6-6.0.53-0.56.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    tomcat6-6.0.53-0.56.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    tomcat6-6.0.53-0.56.1
Comment 7 Swamp Workflow Management 2017-06-23 13:10:20 UTC 
SUSE-SU-2017:1660-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1007853,1007854,1007855,1007857,1007858,1011805,1011812,1015119,1033447,1033448,986359,988489
CVE References: CVE-2016-0762,CVE-2016-3092,CVE-2016-5018,CVE-2016-5388,CVE-2016-6794,CVE-2016-6796,CVE-2016-6797,CVE-2016-6816,CVE-2016-8735,CVE-2016-8745,CVE-2017-5647,CVE-2017-5648
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    tomcat-7.0.78-7.13.4
SUSE Linux Enterprise Server 12-LTSS (src):    tomcat-7.0.78-7.13.4
Comment 8 Marcus Meissner 2017-07-03 13:22:59 UTC 
released
First Last Prev Next    This bug is not in your last search results.