CVE-2016-6816 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Information disclosure
Description	The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response, the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-84	tomcat6	6.0.47-1	6.0.48-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
23 Nov 2016	ASA-201611-22	AVG-84	tomcat6	High	multiple issues

References
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 http://www.openwall.com/lists/oss-security/2016/11/22/17