CVSS: 8.8EPSS: 7%CPEs: 104EXPL: 0CVE-2016-0714 – tomcat: Security Manager bypass via persistence mechanisms
https://notcve.org/view.php?id=CVE-2016-0714
22 Feb 2016 — The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. La implementación de persistencia de sesión en Apache Tomcat 6.x en versiones anteriores a 6.0.45, 7.x en versiones anteriores a 7.0.68, 8.x... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html • CWE-264: Permissions, Privileges, and Access Controls CWE-290: Authentication Bypass by Spoofing •