CVE-2016-6816

20.03.2017, 18:59

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
apache	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Vendor	Product	Version
apache	tomcat	6.0.0
apache	tomcat	6.0.1
apache	tomcat	6.0.2
apache	tomcat	6.0.3
apache	tomcat	6.0.4
apache	tomcat	6.0.5
apache	tomcat	6.0.6
apache	tomcat	6.0.7
apache	tomcat	6.0.8
apache	tomcat	6.0.9
apache	tomcat	6.0.10
apache	tomcat	6.0.11
apache	tomcat	6.0.12
apache	tomcat	6.0.13
apache	tomcat	6.0.14
apache	tomcat	6.0.15
apache	tomcat	6.0.16
apache	tomcat	6.0.17
apache	tomcat	6.0.18
apache	tomcat	6.0.19
apache	tomcat	6.0.20
apache	tomcat	6.0.21
apache	tomcat	6.0.22
apache	tomcat	6.0.23
apache	tomcat	6.0.24
apache	tomcat	6.0.25
apache	tomcat	6.0.26
apache	tomcat	6.0.27
apache	tomcat	6.0.28
apache	tomcat	6.0.29
apache	tomcat	6.0.30
apache	tomcat	6.0.31
apache	tomcat	6.0.32
apache	tomcat	6.0.33
apache	tomcat	6.0.34
apache	tomcat	6.0.35
apache	tomcat	6.0.36
apache	tomcat	6.0.37
apache	tomcat	6.0.38
apache	tomcat	6.0.39
apache	tomcat	6.0.40
apache	tomcat	6.0.41
apache	tomcat	6.0.42
apache	tomcat	6.0.43
apache	tomcat	6.0.44
apache	tomcat	6.0.45
apache	tomcat	6.0.46
apache	tomcat	6.0.47
apache	tomcat	7.0.0
apache	tomcat	7.0.1
apache	tomcat	7.0.2
apache	tomcat	7.0.3
apache	tomcat	7.0.4
apache	tomcat	7.0.5
apache	tomcat	7.0.6
apache	tomcat	7.0.7
apache	tomcat	7.0.8
apache	tomcat	7.0.9
apache	tomcat	7.0.10
apache	tomcat	7.0.11
apache	tomcat	7.0.12
apache	tomcat	7.0.13
apache	tomcat	7.0.14
apache	tomcat	7.0.15
apache	tomcat	7.0.16
apache	tomcat	7.0.17
apache	tomcat	7.0.18
apache	tomcat	7.0.19
apache	tomcat	7.0.20
apache	tomcat	7.0.21
apache	tomcat	7.0.22
apache	tomcat	7.0.23
apache	tomcat	7.0.24
apache	tomcat	7.0.25
apache	tomcat	7.0.26
apache	tomcat	7.0.27
apache	tomcat	7.0.28
apache	tomcat	7.0.29
apache	tomcat	7.0.30
apache	tomcat	7.0.31
apache	tomcat	7.0.32
apache	tomcat	7.0.33
apache	tomcat	7.0.34
apache	tomcat	7.0.35
apache	tomcat	7.0.36
apache	tomcat	7.0.37
apache	tomcat	7.0.38
apache	tomcat	7.0.39
apache	tomcat	7.0.40
apache	tomcat	7.0.41
apache	tomcat	7.0.42
apache	tomcat	7.0.43
apache	tomcat	7.0.44
apache	tomcat	7.0.45
apache	tomcat	7.0.46
apache	tomcat	7.0.47
apache	tomcat	7.0.48
apache	tomcat	7.0.49
apache	tomcat	7.0.50
apache	tomcat	7.0.51
apache	tomcat	7.0.52
apache	tomcat	7.0.53
apache	tomcat	7.0.54
apache	tomcat	7.0.55
apache	tomcat	7.0.56
apache	tomcat	7.0.57
apache	tomcat	7.0.58
apache	tomcat	7.0.59
apache	tomcat	7.0.60
apache	tomcat	7.0.61
apache	tomcat	7.0.62
apache	tomcat	7.0.63
apache	tomcat	7.0.64
apache	tomcat	7.0.65
apache	tomcat	7.0.66
apache	tomcat	7.0.67
apache	tomcat	7.0.68
apache	tomcat	7.0.69
apache	tomcat	7.0.70
apache	tomcat	7.0.71
apache	tomcat	7.0.72
apache	tomcat	8.0.0
apache	tomcat	8.0.1
apache	tomcat	8.0.2
apache	tomcat	8.0.3
apache	tomcat	8.0.4
apache	tomcat	8.0.5
apache	tomcat	8.0.6
apache	tomcat	8.0.7
apache	tomcat	8.0.8
apache	tomcat	8.0.9
apache	tomcat	8.0.10
apache	tomcat	8.0.11
apache	tomcat	8.0.12
apache	tomcat	8.0.13
apache	tomcat	8.0.14
apache	tomcat	8.0.15
apache	tomcat	8.0.16
apache	tomcat	8.0.17
apache	tomcat	8.0.18
apache	tomcat	8.0.19
apache	tomcat	8.0.20
apache	tomcat	8.0.21
apache	tomcat	8.0.22
apache	tomcat	8.0.23
apache	tomcat	8.0.24
apache	tomcat	8.0.25
apache	tomcat	8.0.26
apache	tomcat	8.0.27
apache	tomcat	8.0.28
apache	tomcat	8.0.29
apache	tomcat	8.0.30
apache	tomcat	8.0.31
apache	tomcat	8.0.32
apache	tomcat	8.0.33
apache	tomcat	8.0.34
apache	tomcat	8.0.35
apache	tomcat	8.0.36
apache	tomcat	8.0.37
apache	tomcat	8.0.38
apache	tomcat	8.5.0
apache	tomcat	8.5.1
apache	tomcat	8.5.2
apache	tomcat	8.5.3
apache	tomcat	8.5.4
apache	tomcat	8.5.5
apache	tomcat	8.5.6
apache	tomcat	9.0.0:milestone1
apache	tomcat	9.0.0:milestone10
apache	tomcat	9.0.0:milestone11
apache	tomcat	9.0.0:milestone2
apache	tomcat	9.0.0:milestone3
apache	tomcat	9.0.0:milestone4
apache	tomcat	9.0.0:milestone5
apache	tomcat	9.0.0:milestone6
apache	tomcat	9.0.0:milestone7
apache	tomcat	9.0.0:milestone8
apache	tomcat	9.0.0:milestone9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat9

bullseye (security)	9.0.43-2~deb11u10 fixed
bullseye	9.0.43-2~deb11u10 fixed
bookworm	9.0.70-2 fixed
sid	9.0.95-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat6

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	dne
hirsute	dne
groovy	dne
focal	dne
eoan	dne
disco	dne
cosmic	dne
bionic	dne
artful	dne
zesty	dne
yakkety	dne
xenial	Fixed 6.0.45+dfsg-1ubuntu0.1 released
trusty	needed
precise	Fixed 6.0.35-1ubuntu3.9 released

tomcat7

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	dne
hirsute	dne
groovy	dne
focal	dne
eoan	dne
disco	dne
cosmic	not-affected
bionic	not-affected
artful	not-affected
zesty	not-affected
yakkety	ignored
xenial	Fixed 7.0.68-1ubuntu0.3 released
trusty	Fixed 7.0.52-1ubuntu0.8 released
precise	ignored

tomcat8

noble	dne
mantic	dne
lunar	dne
kinetic	dne
jammy	dne
impish	dne
hirsute	dne
groovy	dne
focal	dne
eoan	dne
disco	dne
cosmic	Fixed 8.0.38-2ubuntu1 released
bionic	Fixed 8.0.38-2ubuntu1 released
artful	Fixed 8.0.38-2ubuntu1 released
zesty	Fixed 8.0.38-2ubuntu1 released
yakkety	Fixed 8.0.37-1ubuntu0.1 released
xenial	Fixed 8.0.32-1ubuntu1.3 released
trusty	dne
precise	dne