
Apache Tomcat HTTP Request Line Information Disclosure Vulnerability - Windows CVE-2016-6816

Severity
CVSSv3 Score: 7.1
Vulnerability description

Apache Tomcat is prone to an information disclosure vulnerability.

Risk description

The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. Successful exploitation will allow remote attackers to poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.

Recommendation

Upgrade to version 9.0.0.M13, 8.5.8, 8.0.39, 7.0.73, 6.0.48 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Mar 20, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available