The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 02:34
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-08-10 22:29
Updated : 2024-02-28 16:04
NVD link : CVE-2016-6797
Mitre link : CVE-2016-6797
CVE.ORG link : CVE-2016-6797
JSON object : View
Products Affected
netapp
- oncommand_shift
- snap_creator_framework
- oncommand_insight
redhat
- enterprise_linux_desktop
- enterprise_linux_server_aus
- jboss_enterprise_web_server
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_workstation
oracle
- tekelec_platform_distribution
debian
- debian_linux
apache
- tomcat
canonical
- ubuntu_linux
CWE
CWE-863
Incorrect Authorization