CVE-2016-0763

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-0763
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-0763.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-0763
Aliases
Related
Published
2016-02-25T01:59:06Z
Modified
2024-09-03T00:02:59Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type
GIT
Repo
https://github.com/apache/tomcat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
009cf0448025b6227b026e66f5351f0dcb3dd733
Last affected
05e76dc1b6edcc2fa87d95de72a8a714267e462d
Last affected
1958059057715d26415839cabad78e685d4d02f1
Last affected
1b734919fd5ee83a2905070dcbd6ffffff1beb63
Last affected
20bd21830dfe7864cac78acb1b7c825baa11bd85
Last affected
29b07def810d335012e738b22ab44d4e232b50d1
Last affected
2b858c0fce0db18ca733b161d7428f2cca214841
Last affected
30a7e7f7b48aa5f9f4a559635966d70901b5f51d
Last affected
32583ea28061391c314a09a43fbee48c072940a9
Last affected
3477614af783b612341fa6bc00c16b32d1791de8
Last affected
47af1012111595546f31d9096a37a839f93caa62
Last affected
4a39288c6eab999452c72af9fd1a0c12b054ca9f
Last affected
5e096bfd5a387f057766dc6b5217feae75b08331
Last affected
5f6f258107e7e463cce41187e13474f3c894693e
Last affected
68e114cf9fe0a83a888099c084b3036040afa518
Last affected
6b77b128188a5ed033da2998ff2f47f65aa4f7f8
Last affected
6e2c7f6227de95874c79f77bafe5ed26dfeb4021
Last affected
7cfeba335a41dd3b0e423f12534e5936c461711c
Last affected
7e8629b4ff4152ae6285fa184745e9a1382ca440
Last affected
81d3e54a46de226a5a8f11bcc65195cddcc24f96
Last affected
85cfeb746b8ea0d0e51cc4ced6053075f5460a36
Last affected
86ecd2ad87b805992b9e4c2f2317feaab7a1e3fb
Last affected
892c777b9d5c051dc20aacfefc280ab02dbe2143
Last affected
8b83cefaf2a454706f03f509944ca46103db4d13
Last affected
8d84136656655a20287cf2dac6ec7fd047979de5
Last affected
9e0d31f12dbd5441097dbec493895ad4e07a6832
Last affected
9f62bc56a0887353e58579153a30c64c5369efdb
Last affected
a6d2ed3eef40903b661d138ae7c8fbd9790d1928
Last affected
ad3da1182b0ed370ec233b925c69dcee826a9efe
Last affected
b7b373b84f1b80602ed62fb056be7c7ce429a15c
Last affected
b7d6e626d03f61ccd6c92e8ea28df12e67d256e6
Last affected
ba53773f48f31de787edb559db38e3e02d7efffd
Last affected
be7e6137267298d6a7b1b3cd2cb1f3f605f9162b
Last affected
c845090723d1118dbce1928f9468e1726b79c3b1
Last affected
d70fcee0390d1a82b108979d26a7a397a7418bc7
Last affected
ddd8de1c64ef852caca10ab876fed02cfe827ef1
Last affected
de47b464201769870a06764cdd5143a59cd95302
Last affected
eae5ead3864c4e2d528a874069828c6c12dee8a5
Last affected
efa0e79f82f17880c0d7427918bc34a83243dfa6
Last affected
f6de6eb5445d266506fcf89d3962a622478c2c6c
Last affected
feaf3763fb37e4a9176ef46a2c80e34821077884
Last affected
fec4a6d1d1f050401aec5c6a3bd0431850472d92