---

CVE-2016-6816 - log back

CVE-2016-6816 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Information disclosure
Description	+ The code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response, the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
References	+ https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 + http://www.openwall.com/lists/oss-security/2016/11/22/17
Notes