The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2016-10-27T00:00:00
Updated: 2021-10-20T10:37:52
Reserved: 2016-08-12T00:00:00
Link: CVE-2016-6797
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-10T22:29:00.203
Modified: 2023-12-08T16:41:18.860
Link: CVE-2016-6797
JSON object: View
Redhat Information
No data.
CWE