CVEs-PoC/2016/CVE-2016-6796.md

### [CVE-2016-6796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6796)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%20to%206.0.45%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.0%20to%207.0.70%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=8.0.0.RC1%20to%208.0.36%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=8.5.0%20to%208.5.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=9.0.0.M1%20to%209.0.0.M9%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Sandbox%20escape&color=brightgreen)

### Description

A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuoct2021.html

#### Github
- https://github.com/dusbot/cpe2cve
- https://github.com/m3n0sd0n4ld/uCVE