CVE-2016-0714

CVE-2016-0714

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

Source: CVE-2016-0714

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다