CVE-2016-6816 log

Severity Medium
Remote Yes
Type Information disclosure
The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response, the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
Group Package Affected Fixed Severity Status Ticket
AVG-84 tomcat6 6.0.47-1 6.0.48-1 High Fixed
Date Advisory Group Package Severity Type
23 Nov 2016 ASA-201611-22 AVG-84 tomcat6 High multiple issues