CVE-2016-6816 Red Hat Update for tomcat Security (RHSA-2017:0935)

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)

On successful exploitation the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own.

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:0935 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:0935: Red Hat Enterprise Linux