NVD Vulnerability Detail

CVE-2016-0763

Summary	The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
Publication Date	Feb. 25, 2016, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:04 p.m.
Last Update	Nov. 21, 2024, 11:42 a.m.

CVSS3.0 : MEDIUM
スコア	6.3
Vector	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低

CVSS2.0 : MEDIUM
Score	6.5
Vector	AV:N/AC:L/Au:S/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	単一
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:8.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:7.0.65:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.67:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:8.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:beta::::::
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:8.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179356.html
3	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
4	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html
5	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
6	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html
7	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
8	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html
9	http://rhn.redhat.com/errata/RHSA-2016-1089.html
10	http://rhn.redhat.com/errata/RHSA-2016-1089.html
11	http://rhn.redhat.com/errata/RHSA-2016-2599.html
12	http://rhn.redhat.com/errata/RHSA-2016-2599.html
13	http://rhn.redhat.com/errata/RHSA-2016-2807.html
14	http://rhn.redhat.com/errata/RHSA-2016-2807.html
15	http://rhn.redhat.com/errata/RHSA-2016-2808.html
16	http://rhn.redhat.com/errata/RHSA-2016-2808.html
17	http://seclists.org/bugtraq/2016/Feb/147
18	http://seclists.org/bugtraq/2016/Feb/147
19	http://svn.apache.org/viewvc?view=revision&revision=1725926
20	http://svn.apache.org/viewvc?view=revision&revision=1725926
21	http://svn.apache.org/viewvc?view=revision&revision=1725929
22	http://svn.apache.org/viewvc?view=revision&revision=1725929
23	http://svn.apache.org/viewvc?view=revision&revision=1725931
24	http://svn.apache.org/viewvc?view=revision&revision=1725931
25	http://tomcat.apache.org/security-7.html	Vendor Advisory
26	http://tomcat.apache.org/security-7.html	Vendor Advisory
27	http://tomcat.apache.org/security-8.html	Vendor Advisory
28	http://tomcat.apache.org/security-8.html	Vendor Advisory
29	http://tomcat.apache.org/security-9.html	Vendor Advisory
30	http://tomcat.apache.org/security-9.html	Vendor Advisory
31	http://www.debian.org/security/2016/dsa-3530
32	http://www.debian.org/security/2016/dsa-3530
33	http://www.debian.org/security/2016/dsa-3552
34	http://www.debian.org/security/2016/dsa-3552
35	http://www.debian.org/security/2016/dsa-3609
36	http://www.debian.org/security/2016/dsa-3609
37	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
38	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
39	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
40	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
41	http://www.securityfocus.com/bid/83326
42	http://www.securityfocus.com/bid/83326
43	http://www.securitytracker.com/id/1035069
44	http://www.securitytracker.com/id/1035069
45	http://www.ubuntu.com/usn/USN-3024-1
46	http://www.ubuntu.com/usn/USN-3024-1
47	https://access.redhat.com/errata/RHSA-2016:1087
48	https://access.redhat.com/errata/RHSA-2016:1087
49	https://access.redhat.com/errata/RHSA-2016:1088
50	https://access.redhat.com/errata/RHSA-2016:1088
51	https://bto.bluecoat.com/security-advisory/sa118
52	https://bto.bluecoat.com/security-advisory/sa118
53	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
54	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442
55	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
56	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626
57	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
58	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
59	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
60	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
61	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
62	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
63	https://security.gentoo.org/glsa/201705-09
64	https://security.gentoo.org/glsa/201705-09
65	https://security.netapp.com/advisory/ntap-20180531-0001/
66	https://security.netapp.com/advisory/ntap-20180531-0001/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Apache Tomcat の org/apache/naming/factory/ResourceLinkFactory.java の setGlobalContext メソッドにおける SecurityManager の制限を回避される脆弱性

Title	Apache Tomcat の org/apache/naming/factory/ResourceLinkFactory.java の setGlobalContext メソッドにおける SecurityManager の制限を回避される脆弱性
Summary	Apache Tomcat の org/apache/naming/factory/ResourceLinkFactory.java の setGlobalContext メソッドは、ResourceLinkFactory.setGlobalContext の呼び出し元が許可されているかどうかを考慮しないため、SecurityManager の制限を回避され、任意のアプリケーションデータを読み書きされる、またはサービス運用妨害 (アプリケーションの中断) 状態にされる脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、巧妙に細工されたグローバルコンテキストを設定する Web アプリケーションを介して、SecurityManager の制限を回避され、任意のアプリケーションデータを読み書きされる、またはサービス運用妨害 (アプリケーションの中断) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 5, 2016, midnight
Registration Date	March 2, 2016, 3:58 p.m.
Last Update	Dec. 5, 2016, 4:57 p.m.

Affected System

Apache Software Foundation

Apache Tomcat 7.0.68 未満の 7.x

Apache Tomcat 8.0.32 未満の 8.x

Apache Tomcat 9.0.0.M3 未満の 9.x

Debian

Debian GNU/Linux

Canonical

Ubuntu

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-0763	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0763
National Vulnerability Database (NVD)
2	CVE-2016-0763	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0763

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Apache Tomcat
1	Fixed in Apache Tomcat 7.0.68	http://tomcat.apache.org/security-7.html
2	Fixed in Apache Tomcat 8.0.32	http://tomcat.apache.org/security-8.html
3	Fixed in Apache Tomcat 9.0.0.M3	http://tomcat.apache.org/security-9.html
Apache-SVN
4	Revision 1725926	http://svn.apache.org/viewvc?view=revision&revision=1725926
5	Revision 1725929	http://svn.apache.org/viewvc?view=revision&revision=1725929
6	Revision 1725931	http://svn.apache.org/viewvc?view=revision&revision=1725931
Debian Security Advisory
7	DSA-3530	http://www.debian.org/security/2016/dsa-3530
8	DSA-3552	http://www.debian.org/security/2016/dsa-3552
9	DSA-3609	http://www.debian.org/security/2016/dsa-3609
HPE Security Bulletin
10	HPSBGN03669	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755
11	HPSBOV03615	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05158626
12	HPSBUX03606	https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05150442
Oracle Critical Patch Update
13	Oracle Critical Patch Update Advisory - October 2016	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Ubuntu Security Notice
14	USN-3024-1	http://www.ubuntu.com/usn/USN-3024-1

その他

No	Name	URL
JVN
1	JVNVU#94679988	http://jvn.jp/vu/JVNVU94679988/

Change Log

No	Changed Details	Date of change
0	[2016年03月02日] 掲載 [2016年06月24日] ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBUX03606) を追加ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBOV03615) を追加 [2016年12月05日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2016) を追加ベンダ情報：Canonical (USN-3024-1) を追加ベンダ情報：Debian (DSA-3530) を追加ベンダ情報：Debian (DSA-3552) を追加ベンダ情報：Debian (DSA-3609) を追加ベンダ情報：ヒューレット・パッカード・エンタープライズ (HPSBGN03669) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:8.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:7.0.65:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.67:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:8.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:beta::::::
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:8.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::