CVE-2016-6794: Information Exposure
When a SecurityManager is configured, a web application’s ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat, the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.