When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2016-10-27T00:00:00
Updated: 2021-10-20T10:37:50
Reserved: 2016-08-12T00:00:00
Link: CVE-2016-6794
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-10T16:29:00.530
Modified: 2023-12-08T16:41:18.860
Link: CVE-2016-6794
JSON object: View
Redhat Information
No data.
CWE