Oval Definition:oval:com.ubuntu.artful:def:20160763000
Revision Date:2016-02-24Version:1
Title:CVE-2016-0763 on Ubuntu 17.10 (artful) - medium.
Description:The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2016-0763
Platform(s):Ubuntu 17.10
Product(s):
Definition Synopsis
  • Ubuntu 17.10 (artful) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'tomcat7' package in artful is not affected (note: '7.0.68-1').
  • OR NOT While related to the CVE in some way, the 'tomcat8' package in artful is not affected (note: '8.0.32-1ubuntu1').
  • BACK