Apache Tomcat CVE-2016-6816 Input Validation Bypass Vulnerability

description-logoDescription

The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

affected-products-logoAffected Applications

Apache Tomcat

CVE References

CVE-2016-6816