OVAL Reference oval:com.ubuntu.xenial:def:20160706000

Oval Definition:

oval:com.ubuntu.xenial:def:20160706000

Revision Date:	2016-02-24	Version:	1
Title:	CVE-2016-0706 on Ubuntu 16.04 LTS (xenial) - medium.
Description:	Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2016-0706
Platform(s):	Ubuntu 16.04 LTS	Product(s):
Definition Synopsis
Ubuntu 16.04 LTS (xenial) is installed. AND Package Information The 'tomcat6' package in xenial was vulnerable but has been fixed (note: '6.0.45+dfsg-1'). OR NOT While related to the CVE in some way, the 'tomcat7' package in xenial is not affected (note: '7.0.68-1'). OR NOT While related to the CVE in some way, the 'tomcat8' package in xenial is not affected (note: '8.0.32-1ubuntu1').