First published: Thu Oct 27 2016
Last updated 24 July 2024
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/tomcat | <6.0.47 | 6.0.47 |
redhat/tomcat | <7.0.72 | 7.0.72 |
redhat/tomcat | <8.5.5 | 8.5.5 |
redhat/tomcat | <8.0.37 | 8.0.37 |
maven/org.apache.tomcat:tomcat | >=7.0.0<7.0.72 | 7.0.72 |
maven/org.apache.tomcat:tomcat | >=8.0.0<=8.0.36 | 8.0.37 |
maven/org.apache.tomcat:tomcat | >=8.5.0<=8.5.4 | 8.5.5 |
maven/org.apache.tomcat:tomcat | >=9.0.0.M1<=9.0.0.M9 | 9.0.0.M10 |
debian/tomcat6 | | |
Tomcat | >=6.0.0<=6.0.45 | |
Tomcat | >=7.0.0<=7.0.70 | |
Tomcat | >=8.0<=8.0.36 | |
Tomcat | >=8.5.0<=8.5.4 | |
Tomcat | =9.0.0-milestone1 | |
Tomcat | =9.0.0-milestone2 | |
Tomcat | =9.0.0-milestone3 | |
Tomcat | =9.0.0-milestone4 | |
Tomcat | =9.0.0-milestone5 | |
Tomcat | =9.0.0-milestone6 | |
Tomcat | =9.0.0-milestone7 | |
Tomcat | =9.0.0-milestone8 | |
Tomcat | =9.0.0-milestone9 | |
Oracle Tekelec Platform Distribution | >=7.4.0<=7.7.1 | |
Debian Linux | =8.0 | |
NetApp OnCommand Insight | | |
NetApp OnCommand Shift | | |
NetApp Snap Creator Framework | | |
Ubuntu | =16.04 | |
Red Hat JBoss Enterprise Web Server | =3.0.0 | |
Red Hat Enterprise Linux Desktop | =7.0 | |
Red Hat Enterprise Linux Server EUS | =7.4 | |
Red Hat Enterprise Linux Server EUS | =7.5 | |
Red Hat Enterprise Linux Server EUS | =7.6 | |
Red Hat Enterprise Linux Server EUS | =7.7 | |
Red Hat Enterprise Linux Server | =7.0 | |
Red Hat Enterprise Linux Server | =7.4 | |
Red Hat Enterprise Linux Server | =7.6 | |
Red Hat Enterprise Linux Server | =7.7 | |
Red Hat Enterprise Linux Workstation | =7.0 | |
Tomcat | =9.0.0-m1 | |
Tomcat | =9.0.0-m2 | |
Tomcat | =9.0.0-m3 | |
Tomcat | =9.0.0-m4 | |
Tomcat | =9.0.0-m5 | |
Tomcat | =9.0.0-m6 | |
Tomcat | =9.0.0-m7 | |
Tomcat | =9.0.0-m8 | |
Tomcat | =9.0.0-m9 | |
The severity of CVE-2016-6797 is considered medium due to its potential for unauthorized access to global JNDI resources.
To fix CVE-2016-6797, update to Tomcat version 6.0.47, 7.0.72, 8.0.37, 8.5.5, or 9.0.0.M10.
Affected versions of Tomcat include 6.0.0 to 6.0.45, 7.0.0 to 7.0.70, 8.0.0 to 8.0.36, and 8.5.0 to 8.5.4.
The risk associated with CVE-2016-6797 is that a vulnerable web application could access sensitive global JNDI resources without proper authorization.
A potential workaround for CVE-2016-6797 includes restricting access to JNDI resources through appropriate security configurations.