Author: jmm
Date: 2016-10-27 13:24:02 +0000 (Thu, 27 Oct 2016)
New Revision: 45662

Modified:
   data/CVE/list
Log:
new tomcat issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-10-27 12:56:25 UTC (rev 45661)
+++ data/CVE/list       2016-10-27 13:24:02 UTC (rev 45662)
@@ -6371,14 +6371,29 @@
        RESERVED
 CVE-2016-6798
        RESERVED
-CVE-2016-6797
+CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources]
        RESERVED
-CVE-2016-6796
+       - tomcat8 <unfixed> (low)
+       - tomcat7 <unfixed> (low)
+       - tomcat6 6.0.41-3 (low)
+       NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
+       NOTE: 
http://markmail.org/message/wrku5orwxfpt5mzl?q=list:org.apache.tomcat.announce/
+CVE-2016-6796 [Apache Tomcat Security Manager Bypass]
        RESERVED
+       - tomcat8 <unfixed> (low)
+       - tomcat7 <unfixed> (low)
+       - tomcat6 6.0.41-3 (low)
+       NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
+       NOTE: 
http://markmail.org/message/hynaeawxxhpvvctu?q=list:org.apache.tomcat.announce/
 CVE-2016-6795
        RESERVED
-CVE-2016-6794
+CVE-2016-6794 [Apache Tomcat System Property Disclosure]
        RESERVED
+       - tomcat8 <unfixed> (low)
+       - tomcat7 <unfixed> (low)
+       - tomcat6 6.0.41-3 (low)
+       NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
+       NOTE: 
http://markmail.org/message/zk7w6yly5mviocci?q=list:org.apache.tomcat.announce/
 CVE-2016-6793
        RESERVED
 CVE-2015-8954 [suricata: evasion issues]
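Review bot: the NOTE URLs added for CVE-2016-6797, CVE-2016-6796 and CVE-2016-6794 each end in "?q=list:org.apache.tomcat.announce/", which looks like search context from the archive rather than part of the message reference. Consider recording only the http://markmail.org/message/<id> part so the link stays short and does not depend on the search parameter. Also, all three entries are marked (low) with no NOTE saying why; a one-line rationale next to the urgency would help whoever triages tomcat7 and tomcat8 later.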
@@ -12908,8 +12923,13 @@
        NOT-FOR-US: BIG-IP
 CVE-2016-5019 (CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 
through ...)
        NOT-FOR-US: Apache MyFaces Trinidad
-CVE-2016-5018
+CVE-2016-5018 [Apache Tomcat Security Manager Bypass]
        RESERVED
+       - tomcat8 <unfixed> (low)
+       - tomcat7 <unfixed> (low)
+       - tomcat6 6.0.41-3 (low)
+       NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
+       NOTE: 
http://markmail.org/message/lixw6iyojoxwfizv?q=list:org.apache.tomcat.announce/
 CVE-2016-5017 (Buffer overflow in the C cli shell in Apache Zookeeper before 
3.4.9 ...)
        {DLA-630-1}
        - zookeeper 3.4.9-1
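Review bot: the bracket description on CVE-2016-5018, "[Apache Tomcat Security Manager Bypass]", is identical to the one this commit gives CVE-2016-6796, so the two entries cannot be told apart from the list alone. Suggest a more specific description for each (taken from the linked announcements) so a reader does not have to open both links to see which bypass is meant.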
@@ -26813,8 +26833,13 @@
        - tomcat6 6.0.41-3
        NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
        NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
-CVE-2016-0762
+CVE-2016-0762 [Apache Tomcat Realm Timing Attack]
        RESERVED
+       - tomcat8 <unfixed> (low)
+       - tomcat7 <unfixed> (low)
+       - tomcat6 6.0.41-3 (low)
+       NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
+       NOTE: 
http://markmail.org/message/pzuk6hauzljnm4r7?q=list:org.apache.tomcat.announce/
 CVE-2016-0761
        RESERVED
 CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry 
before ...)
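Review bot: the new CVE-2016-0762 entry has no upstream fixed-version line, while the entry directly above it in this hunk records one ("NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3"). Adding the equivalent NOTE from the linked announcement would make the <unfixed> status of tomcat7 and tomcat8 easier to resolve once new uploads land. The same applies to the other tomcat entries added in this commit.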


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
