From 17801c7edae8c0da50660aa34faef13f5afc625d Mon Sep 17 00:00:00 2001 From: feld Date: Sun, 28 Feb 2016 20:50:20 +0000 Subject: Document tomcat vulnerabilities Security: CVE-2016-0714 --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4fb0ed81aabb..febc5b694f66 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,42 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + tomcat -- security manager bypass + + + tomcat6 + 6.0.45 + + + tomcat7 + 7.0.67 + + + tomcat8 + 8.0.30 + + + + +

Mark Thomas reports:

+
+

By placing a carefully + crafted object into a session, a malicious web application could trigger + the execution of arbitrary code.

+
+ +
+ + https://mail-archives.apache.org/mod_mbox/www-announce/201602.mbox/%3C56CAEF4F.5090003%40apache.org%3E + CVE-2016-0714 + + + 2016-02-22 + 2016-02-28 + +
+ xerces-c3 -- Parser Crashes on Malformed Input -- cgit
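Review bot: The commit subject says "vulnerabilities", but the entry added at the top of vuln.xml (topic "tomcat -- security manager bypass") records a single issue, with one CVE reference (CVE-2016-0714) and one announcement URL. Either make the subject singular, or, if the same releases fixed further issues for the tomcat6 6.0.45, tomcat7 7.0.67 and tomcat8 8.0.30 ranges, record them in this entry's references or in entries of their own. The file's note directly above the insertion point says "Do not forget port variants", so please confirm that tomcat6, tomcat7 and tomcat8 are the only package names that ship the affected code. The topic says "bypass" while the quoted description says a malicious web application "could trigger the execution of arbitrary code"; naming that impact in the topic would make the entry easier to triage from audit output.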