{"id":"CVE-2016-0706","details":"Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.","aliases":["GHSA-6vx3-hr43-cfrh"],"modified":"2026-04-11T12:00:06.263483Z","published":"2016-02-25T01:59:04.340Z","related":["MGASA-2016-0090","SUSE-SU-2016:0769-1","SUSE-SU-2016:0822-1","SUSE-SU-2016:0839-1","openSUSE-SU-2024:10446-1","openSUSE-SU-2024:13441-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.0-alpha"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.10"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.11"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.13"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.14"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.16"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.18"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.1-alpha"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.20"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.24"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.26"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.28"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.29"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.2"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.2-alpha"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.2-beta"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.30"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.32"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.33"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.35"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.36"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.37:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.37"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.39:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.39"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.41:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.41"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.43:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.43"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.44:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.44"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.4"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0.4-alpha"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0.0-beta"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0.2-beta"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0.4-beta"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:7.0.5:beta:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0.5-beta"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.0-rc10"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.0-rc1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.0:rc3:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.0-rc3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.0-rc5"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.11:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.11"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.12:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.12"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.14:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.14"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.15:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.15"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.17:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.17"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.18:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.18"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.1"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.20:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.20"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.21:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.21"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.22:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.22"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.23:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.23"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.24:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.24"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.26:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.26"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.27:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.27"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.28:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.28"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.29:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.29"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.30:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.30"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0.3"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"12.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"14.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.10"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","extracted_events":[{"last_affected":"16.04"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00082.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"},{"type":"WEB","url":"http://svn.apache.org/viewvc?view=revision&revision=1722800"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/83324"},{"type":"WEB","url":"http://www.securitytracker.com/id/1035069"},{"type":"WEB","url":"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"http://marc.info/?l=bugtraq&m=145974991225029&w=2"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1089.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2045.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2599.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2807.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2808.html"},{"type":"ADVISORY","url":"http://tomcat.apache.org/security-6.html"},{"type":"ADVISORY","url":"http://tomcat.apache.org/security-7.html"},{"type":"ADVISORY","url":"http://tomcat.apache.org/security-8.html"},{"type":"ADVISORY","url":"http://tomcat.apache.org/security-9.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3530"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3552"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3609"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3024-1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1087"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2016:1088"},{"type":"ADVISORY","url":"https://bto.bluecoat.com/security-advisory/sa118"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-09"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180531-0001/"},{"type":"REPORT","url":"http://svn.apache.org/viewvc?view=revision&revision=1722799"},{"type":"REPORT","url":"http://svn.apache.org/viewvc?view=revision&revision=1722801"},{"type":"REPORT","url":"http://svn.apache.org/viewvc?view=revision&revision=1722802"},{"type":"ARTICLE","url":"http://seclists.org/bugtraq/2016/Feb/144"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"0"},{"last_affected":"e498667bd7811e846771a852b16ce9f1e524b81b"},{"last_affected":"4a39288c6eab999452c72af9fd1a0c12b054ca9f"},{"last_affected":"8b83cefaf2a454706f03f509944ca46103db4d13"},{"last_affected":"85cfeb746b8ea0d0e51cc4ced6053075f5460a36"},{"last_affected":"de47b464201769870a06764cdd5143a59cd95302"},{"last_affected":"c845090723d1118dbce1928f9468e1726b79c3b1"},{"last_affected":"9e0d31f12dbd5441097dbec493895ad4e07a6832"},{"last_affected":"892c777b9d5c051dc20aacfefc280ab02dbe2143"},{"last_affected":"eae5ead3864c4e2d528a874069828c6c12dee8a5"},{"last_affected":"ddd8de1c64ef852caca10ab876fed02cfe827ef1"},{"last_affected":"6e2c7f6227de95874c79f77bafe5ed26dfeb4021"},{"last_affected":"9f62bc56a0887353e58579153a30c64c5369efdb"},{"last_affected":"009cf0448025b6227b026e66f5351f0dcb3dd733"},{"last_affected":"68e114cf9fe0a83a888099c084b3036040afa518"},{"last_affected":"efa0e79f82f17880c0d7427918bc34a83243dfa6"},{"last_affected":"5e096bfd5a387f057766dc6b5217feae75b08331"},{"last_affected":"b7b373b84f1b80602ed62fb056be7c7ce429a15c"},{"last_affected":"86ecd2ad87b805992b9e4c2f2317feaab7a1e3fb"},{"last_affected":"7cfeba335a41dd3b0e423f12534e5936c461711c"},{"last_affected":"ba53773f48f31de787edb559db38e3e02d7efffd"},{"last_affected":"7e8629b4ff4152ae6285fa184745e9a1382ca440"},{"last_affected":"fec4a6d1d1f050401aec5c6a3bd0431850472d92"},{"last_affected":"3477614af783b612341fa6bc00c16b32d1791de8"},{"last_affected":"5f6f258107e7e463cce41187e13474f3c894693e"},{"last_affected":"2b858c0fce0db18ca733b161d7428f2cca214841"},{"last_affected":"1958059057715d26415839cabad78e685d4d02f1"},{"last_affected":"ad3da1182b0ed370ec233b925c69dcee826a9efe"},{"last_affected":"81d3e54a46de226a5a8f11bcc65195cddcc24f96"},{"last_affected":"d70fcee0390d1a82b108979d26a7a397a7418bc7"},{"last_affected":"1b734919fd5ee83a2905070dcbd6ffffff1beb63"},{"last_affected":"32583ea28061391c314a09a43fbee48c072940a9"},{"last_affected":"b7d6e626d03f61ccd6c92e8ea28df12e67d256e6"},{"last_affected":"47af1012111595546f31d9096a37a839f93caa62"},{"last_affected":"feaf3763fb37e4a9176ef46a2c80e34821077884"},{"last_affected":"30a7e7f7b48aa5f9f4a559635966d70901b5f51d"},{"last_affected":"be7e6137267298d6a7b1b3cd2cb1f3f605f9162b"},{"last_affected":"8d84136656655a20287cf2dac6ec7fd047979de5"},{"last_affected":"20bd21830dfe7864cac78acb1b7c825baa11bd85"},{"last_affected":"6b77b128188a5ed033da2998ff2f47f65aa4f7f8"},{"last_affected":"f6de6eb5445d266506fcf89d3962a622478c2c6c"},{"last_affected":"a6d2ed3eef40903b661d138ae7c8fbd9790d1928"},{"last_affected":"05e76dc1b6edcc2fa87d95de72a8a714267e462d"},{"last_affected":"29b07def810d335012e738b22ab44d4e232b50d1"}],"database_specific":{"cpe":["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.52:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.53:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.54:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.55:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.56:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.57:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.59:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.61:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.62:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.63:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.64:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.65:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:7.0.67:*:*:*:*:*:*:*","cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"7.0"},{"last_affected":"7.0.6"},{"last_affected":"7.0.10"},{"last_affected":"7.0.11"},{"last_affected":"7.0.12"},{"last_affected":"7.0.14"},{"last_affected":"7.0.16"},{"last_affected":"7.0.19"},{"last_affected":"7.0.20"},{"last_affected":"7.0.21"},{"last_affected":"7.0.22"},{"last_affected":"7.0.23"},{"last_affected":"7.0.25"},{"last_affected":"7.0.26"},{"last_affected":"7.0.27"},{"last_affected":"7.0.28"},{"last_affected":"7.0.29"},{"last_affected":"7.0.30"},{"last_affected":"7.0.32"},{"last_affected":"7.0.33"},{"last_affected":"7.0.34"},{"last_affected":"7.0.35"},{"last_affected":"7.0.37"},{"last_affected":"7.0.39"},{"last_affected":"7.0.40"},{"last_affected":"7.0.41"},{"last_affected":"7.0.42"},{"last_affected":"7.0.47"},{"last_affected":"7.0.50"},{"last_affected":"7.0.52"},{"last_affected":"7.0.53"},{"last_affected":"7.0.54"},{"last_affected":"7.0.55"},{"last_affected":"7.0.56"},{"last_affected":"7.0.57"},{"last_affected":"7.0.59"},{"last_affected":"7.0.61"},{"last_affected":"7.0.62"},{"last_affected":"7.0.63"},{"last_affected":"7.0.64"},{"last_affected":"7.0.65"},{"last_affected":"7.0.67"},{"last_affected":"9.0.0-milestone1"}],"source":"CPE_FIELD"}}],"versions":["7.0.0","7.0.10","7.0.11","7.0.12","7.0.14","7.0.16","7.0.19","7.0.20","7.0.21","7.0.22","7.0.23","7.0.25","7.0.26","7.0.27","7.0.28","7.0.29","7.0.30","7.0.32","7.0.33","7.0.34","7.0.35","7.0.37","7.0.39","7.0.40","7.0.41","7.0.42","7.0.47","7.0.50","7.0.52","7.0.53","7.0.54","7.0.55","7.0.56","7.0.57","7.0.59","7.0.6","7.0.61","7.0.62","7.0.63","7.0.64","7.0.65","7.0.67","9.0.0-M1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0706.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}