Description
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
Statement
This flaw pertains to the init scripts provided by the RPM distribution of tomcat in various Red Hat products. ZIP distributions do not include init scripts, and are not affected by this flaw.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat JBoss Enterprise Web Server 1 | others | Not affected | ||
Red Hat Enterprise Linux 5 | tomcat5 | Fixed | RHSA-2013:0870 | 28.05.2013 |
Red Hat Enterprise Linux 6 | tomcat6 | Fixed | RHSA-2013:0869 | 28.05.2013 |
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 | tomcat5 | Fixed | RHSA-2013:0872 | 28.05.2013 |
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 | tomcat6 | Fixed | RHSA-2013:0872 | 28.05.2013 |
Red Hat JBoss Enterprise Web Server 1 for RHEL 6 | tomcat5 | Fixed | RHSA-2013:0872 | 28.05.2013 |
Red Hat JBoss Enterprise Web Server 1 for RHEL 6 | tomcat6 | Fixed | RHSA-2013:0872 | 28.05.2013 |
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | tomcat6 | Fixed | RHSA-2013:0871 | 28.05.2013 |
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | tomcat7 | Fixed | RHSA-2013:0871 | 28.05.2013 |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 | tomcat6 | Fixed | RHSA-2013:0871 | 28.05.2013 |
Additional information
Status:
EPSS
CVSS2: 6.9 Medium