CVE-2016-5425

Published: 10 Oct 2016
Source: redhat
CVSS3: 7
CVSS2: 6.9
EPSS: Medium

Description

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

It was discovered that the Tomcat packages installed the configuration file /usr/lib/tmpfiles.d/tomcat.conf writable by the tomcat group. systemd-tmpfiles reads that file as root and creates the paths it lists with the ownership and mode it specifies, so a member of the tomcat group, or a malicious web application running under the tomcat user, could edit the file to escalate privileges.
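The defect is a permission bug, not a Tomcat code bug, so the useful check is a permission audit over the directories systemd-tmpfiles reads. The script below is an added example (it is not Red Hat's or Tomcat's code); the function names are this example's own, the three directories are the standard systemd tmpfiles.d locations, and it assumes GNU stat(1) as shipped on RHEL, Fedora and CentOS. A drop-in is reported as weak when it is not owned by root, or is group- or world-writable; the group-writable case is exactly what the tomcat package shipped.

```shell
#!/bin/sh
# Added example, not Red Hat's or Tomcat's code: audit systemd tmpfiles.d
# drop-ins for the weak-permission pattern behind CVE-2016-5425.
# systemd-tmpfiles applies every entry in these files as root, so a drop-in
# that a non-root user or group can write is a path to root.

# has_write DIGIT: true when an octal permission digit carries the write bit.
has_write() {
    case "$1" in 2|3|6|7) return 0 ;; *) return 1 ;; esac
}

# tmpfiles_entry_is_weak MODE OWNER: true when a drop-in with this octal mode
# (as printed by stat %a, e.g. 664 or 100644) and owner is editable by someone
# other than root: non-root owner, group-writable, or world-writable.
tmpfiles_entry_is_weak() {
    perm=${1#"${1%???}"}                 # keep the last three octal digits
    group_digit=${perm#?}; group_digit=${group_digit%?}
    other_digit=${perm#??}
    [ "$2" != root ] && return 0
    has_write "$group_digit" && return 0
    has_write "$other_digit" && return 0
    return 1
}

# audit_tmpfiles_dirs DIR...: print one line per weak *.conf found.
# Returns 0 if any weak drop-in was found (so it can drive an alert),
# 1 if every drop-in is root-owned and writable only by root.
audit_tmpfiles_dirs() {
    weak_found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for conf in "$dir"/*.conf; do
            [ -e "$conf" ] || continue
            mode_owner=$(stat -c '%a %U' "$conf") || continue   # GNU stat
            mode=${mode_owner% *}
            owner=${mode_owner#* }
            if tmpfiles_entry_is_weak "$mode" "$owner"; then
                printf 'WEAK %s %s %s\n' "$mode" "$owner" "$conf"
                weak_found=0
            fi
        done
    done
    return $weak_found
}

# When run directly as tmpfiles_audit.sh (an assumed file name), scan the
# three directories systemd-tmpfiles reads.
case "$0" in
    tmpfiles_audit.sh|*/tmpfiles_audit.sh)
        audit_tmpfiles_dirs /usr/lib/tmpfiles.d /etc/tmpfiles.d /run/tmpfiles.d ;;
esac
```

On a host with the unfixed package the scan prints a `WEAK 664 root /usr/lib/tmpfiles.d/tomcat.conf` line. The fixed packages ship the file as root:root with mode 0644; `chown root:root /usr/lib/tmpfiles.d/tomcat.conf && chmod 0644 /usr/lib/tmpfiles.d/tomcat.conf` restores that on a system that cannot be updated immediately, though the update is the real fix.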

Affected packages

Platform                                          Package               State
Red Hat Developer Toolset 3.1                     devtoolset-3-tomcat   Not affected
Red Hat Enterprise Linux 5                        tomcat5               Not affected
Red Hat Enterprise Linux 6                        tomcat6               Not affected
Red Hat JBoss Data Grid 6                         jbossweb              Not affected
Red Hat JBoss Data Virtualization 6               jbossweb              Not affected
Red Hat JBoss Enterprise Application Platform 6   jbossweb              Not affected
Red Hat JBoss Enterprise Application Platform 6   tomcat7               Not affected
Red Hat JBoss Enterprise Application Platform 7   Scripts               Not affected
Red Hat JBoss Enterprise Web Server 2             tomcat6               Not affected
Red Hat JBoss Enterprise Web Server 2             tomcat7               Not affected


Additional information

Severity: Important
Weakness: CWE-284
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1362545
tomcat: Local privilege escalation via systemd-tmpfiles service

EPSS: 0.14472 (Medium), percentile 94%
CVSS3: 7 (High)
CVSS2: 6.9 (Medium)

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 8 years ago

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

CVSS3: 7.8
nvd
more than 8 years ago

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

CVSS3: 7.8
debian
more than 8 years ago

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentO ...

CVSS3: 7.8
github
about 3 years ago

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

oracle-oval
more than 8 years ago

ELSA-2016-2046: tomcat security update (IMPORTANT)
