CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-0763

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.8%

CVSS Severity

CVSS v3 Score 6.3

CVSS v2 Score 6.5

References

Products affected by CVE-2016-0763

Apache » Tomcat » Version: 7.0.0

cpe:2.3:a:apache:tomcat:7.0.0
Apache » Tomcat » Version: 7.0.10

cpe:2.3:a:apache:tomcat:7.0.10
Apache » Tomcat » Version: 7.0.11

cpe:2.3:a:apache:tomcat:7.0.11
Apache » Tomcat » Version: 7.0.12

cpe:2.3:a:apache:tomcat:7.0.12
Apache » Tomcat » Version: 7.0.14

cpe:2.3:a:apache:tomcat:7.0.14
Apache » Tomcat » Version: 7.0.16

cpe:2.3:a:apache:tomcat:7.0.16
Apache » Tomcat » Version: 7.0.19

cpe:2.3:a:apache:tomcat:7.0.19
Apache » Tomcat » Version: 7.0.2

cpe:2.3:a:apache:tomcat:7.0.2
Apache » Tomcat » Version: 7.0.20

cpe:2.3:a:apache:tomcat:7.0.20
Apache » Tomcat » Version: 7.0.21

cpe:2.3:a:apache:tomcat:7.0.21
Apache » Tomcat » Version: 7.0.22

cpe:2.3:a:apache:tomcat:7.0.22
Apache » Tomcat » Version: 7.0.23

cpe:2.3:a:apache:tomcat:7.0.23
Apache » Tomcat » Version: 7.0.25

cpe:2.3:a:apache:tomcat:7.0.25
Apache » Tomcat » Version: 7.0.26

cpe:2.3:a:apache:tomcat:7.0.26
Apache » Tomcat » Version: 7.0.27

cpe:2.3:a:apache:tomcat:7.0.27
Apache » Tomcat » Version: 7.0.28

cpe:2.3:a:apache:tomcat:7.0.28
Apache » Tomcat » Version: 7.0.29

cpe:2.3:a:apache:tomcat:7.0.29
Apache » Tomcat » Version: 7.0.30

cpe:2.3:a:apache:tomcat:7.0.30
Apache » Tomcat » Version: 7.0.32

cpe:2.3:a:apache:tomcat:7.0.32
Apache » Tomcat » Version: 7.0.33

cpe:2.3:a:apache:tomcat:7.0.33
Apache » Tomcat » Version: 7.0.34

cpe:2.3:a:apache:tomcat:7.0.34
Apache » Tomcat » Version: 7.0.35

cpe:2.3:a:apache:tomcat:7.0.35
Apache » Tomcat » Version: 7.0.37

cpe:2.3:a:apache:tomcat:7.0.37
Apache » Tomcat » Version: 7.0.39

cpe:2.3:a:apache:tomcat:7.0.39
Apache » Tomcat » Version: 7.0.4

cpe:2.3:a:apache:tomcat:7.0.4
Apache » Tomcat » Version: 7.0.40

cpe:2.3:a:apache:tomcat:7.0.40
Apache » Tomcat » Version: 7.0.41

cpe:2.3:a:apache:tomcat:7.0.41
Apache » Tomcat » Version: 7.0.42

cpe:2.3:a:apache:tomcat:7.0.42
Apache » Tomcat » Version: 7.0.47

cpe:2.3:a:apache:tomcat:7.0.47
Apache » Tomcat » Version: 7.0.5

cpe:2.3:a:apache:tomcat:7.0.5
Apache » Tomcat » Version: 7.0.50

cpe:2.3:a:apache:tomcat:7.0.50
Apache » Tomcat » Version: 7.0.52

cpe:2.3:a:apache:tomcat:7.0.52
Apache » Tomcat » Version: 7.0.53

cpe:2.3:a:apache:tomcat:7.0.53
Apache » Tomcat » Version: 7.0.54

cpe:2.3:a:apache:tomcat:7.0.54
Apache » Tomcat » Version: 7.0.55

cpe:2.3:a:apache:tomcat:7.0.55
Apache » Tomcat » Version: 7.0.56

cpe:2.3:a:apache:tomcat:7.0.56
Apache » Tomcat » Version: 7.0.57

cpe:2.3:a:apache:tomcat:7.0.57
Apache » Tomcat » Version: 7.0.59

cpe:2.3:a:apache:tomcat:7.0.59
Apache » Tomcat » Version: 7.0.6

cpe:2.3:a:apache:tomcat:7.0.6
Apache » Tomcat » Version: 7.0.61

cpe:2.3:a:apache:tomcat:7.0.61
Apache » Tomcat » Version: 7.0.62

cpe:2.3:a:apache:tomcat:7.0.62
Apache » Tomcat » Version: 7.0.63

cpe:2.3:a:apache:tomcat:7.0.63
Apache » Tomcat » Version: 7.0.64

cpe:2.3:a:apache:tomcat:7.0.64
Apache » Tomcat » Version: 7.0.65

cpe:2.3:a:apache:tomcat:7.0.65
Apache » Tomcat » Version: 7.0.67

cpe:2.3:a:apache:tomcat:7.0.67
Apache » Tomcat » Version: 8.0.0

cpe:2.3:a:apache:tomcat:8.0.0
Apache » Tomcat » Version: 8.0.1

cpe:2.3:a:apache:tomcat:8.0.1
Apache » Tomcat » Version: 8.0.11

cpe:2.3:a:apache:tomcat:8.0.11
Apache » Tomcat » Version: 8.0.12

cpe:2.3:a:apache:tomcat:8.0.12
Apache » Tomcat » Version: 8.0.14

cpe:2.3:a:apache:tomcat:8.0.14
Apache » Tomcat » Version: 8.0.15

cpe:2.3:a:apache:tomcat:8.0.15
Apache » Tomcat » Version: 8.0.17

cpe:2.3:a:apache:tomcat:8.0.17
Apache » Tomcat » Version: 8.0.18

cpe:2.3:a:apache:tomcat:8.0.18
Apache » Tomcat » Version: 8.0.20

cpe:2.3:a:apache:tomcat:8.0.20
Apache » Tomcat » Version: 8.0.21

cpe:2.3:a:apache:tomcat:8.0.21
Apache » Tomcat » Version: 8.0.22

cpe:2.3:a:apache:tomcat:8.0.22
Apache » Tomcat » Version: 8.0.23

cpe:2.3:a:apache:tomcat:8.0.23
Apache » Tomcat » Version: 8.0.24

cpe:2.3:a:apache:tomcat:8.0.24
Apache » Tomcat » Version: 8.0.26

cpe:2.3:a:apache:tomcat:8.0.26
Apache » Tomcat » Version: 8.0.27

cpe:2.3:a:apache:tomcat:8.0.27
Apache » Tomcat » Version: 8.0.28

cpe:2.3:a:apache:tomcat:8.0.28
Apache » Tomcat » Version: 8.0.29

cpe:2.3:a:apache:tomcat:8.0.29
Apache » Tomcat » Version: 8.0.3

cpe:2.3:a:apache:tomcat:8.0.3
Apache » Tomcat » Version: 8.0.30

cpe:2.3:a:apache:tomcat:8.0.30
Apache » Tomcat » Version: 9.0.0

cpe:2.3:a:apache:tomcat:9.0.0
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 15.10

cpe:2.3:o:canonical:ubuntu_linux:15.10
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0
Debian » Debian Linux » Version: 8.0

cpe:2.3:o:debian:debian_linux:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-0763

Products

Pricing

Contact Us