Security Advisory

CVE-2016-6797

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-08-10 22:00:00

Last updated 2024-09-17 04:24:37

Assigner apache

State PUBLISHED

Description

The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.

← Browse all CVEs View on cve.org ↗