exploitDog

CVE-2016-6325

Published: 10 Oct 2016
Source: redhat
CVSS3: 7.8
CVSS2: 6.9
EPSS: Low

Description

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.
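The two files named above are shell fragments that the init script sources as root when the service starts, so a tomcat-group member (or a web application running as the tomcat user) only needs to append a command to one of them and wait for a restart. The script below is an added example, not code from Red Hat or from the exploitDog page: it audits a list of files for exactly that state (group/other write bit set, or owner other than root, since the owner can simply chmod the file back), offers a stopgap that strips the write bits, and builds a constructed scratch tree with one file in the vulnerable 0664 state and one in the fixed 0644 state so it can be exercised offline. It assumes GNU coreutils `stat` (present on RHEL) and a POSIX sh; the RHEL 7 paths are used as the default list, RHEL 6 would pass the tomcat6-suffixed paths instead.

```shell
#!/bin/sh
# Audit and interim hardening for the CVE-2016-6325 condition on RHEL/JWS: the
# files the root-run Tomcat init script sources must not be writable by the
# tomcat group (or by anyone except root). Added example, not part of any
# Red Hat package; assumes GNU coreutils stat (RHEL) and a POSIX sh.

# The two files named in the advisory (RHEL 7 names; RHEL 6 uses the tomcat6
# variants). Both are shell fragments sourced as root when the service starts,
# so a command appended by a tomcat-group member runs as root on the next restart.
TOMCAT_CONFIG_FILES="/etc/sysconfig/tomcat /etc/tomcat/tomcat.conf"

# User that must own the files. A file owned by the service account is as bad
# as a group-writable one: the owner (i.e. a deployed web app) can chmod it back.
: "${EXPECTED_OWNER:=root}"

# 0 = no group/other write bit, 1 = writable by group or others, 2 = missing.
check_not_group_writable() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    # 0$mode is an octal constant; 022 masks the group (020) and other (002) write bits
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# 0 = owned by $EXPECTED_OWNER, 1 = owned by someone else, 2 = missing.
check_owner() {
    local owner
    owner=$(stat -c '%U' "$1" 2>/dev/null) || return 2
    [ "$owner" = "$EXPECTED_OWNER" ]
}

# One report line per file; returns 1 if any file is in a state the tomcat
# group or the service account could abuse.
audit_tomcat_configs() {
    local rc f info
    rc=0
    for f in "$@"; do
        if ! info=$(stat -c '%U:%G %a' "$f" 2>/dev/null); then
            echo "missing  $f"
        elif ! check_not_group_writable "$f"; then
            echo "WRITABLE $f ($info): group/other write bit set (CVE-2016-6325 state)"
            rc=1
        elif ! check_owner "$f"; then
            echo "OWNER    $f ($info): not owned by $EXPECTED_OWNER, owner can re-enable write"
            rc=1
        else
            echo "ok       $f ($info)"
        fi
    done
    return $rc
}

# Stopgap until the RHSA packages are installed (an assumed mitigation, not the
# vendor fix): strip the group/other write bits and hand the files to root.
# chown needs root; chmod alone already closes the group-writable hole.
harden_tomcat_configs() {
    local f
    for f in "$@"; do
        [ -e "$f" ] || continue
        chmod go-w "$f"
        chown "$EXPECTED_OWNER" "$f" 2>/dev/null \
            || echo "note: could not chown $f to $EXPECTED_OWNER (run as root)"
    done
    return 0
}

# Constructed sample (not real system files) so the functions can be exercised
# offline: one file in the vulnerable 0664 state, one in the fixed 0644 state.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    printf 'JAVA_OPTS="-Xmx512m"\n' > "$d/tomcat.conf.vuln"
    chmod 0664 "$d/tomcat.conf.vuln"
    printf 'JAVA_OPTS="-Xmx512m"\n' > "$d/tomcat.conf.fixed"
    chmod 0644 "$d/tomcat.conf.fixed"
    echo "$d"
}

# sh tomcat-conf-audit.sh --audit   checks the real paths
# sh tomcat-conf-audit.sh --demo    runs the audit over the sample tree
case "${1:-}" in
    --audit) audit_tomcat_configs $TOMCAT_CONFIG_FILES ;;
    --demo)  EXPECTED_OWNER=$(id -un)
             d=$(make_sample_tree)
             audit_tomcat_configs "$d/tomcat.conf.vuln" "$d/tomcat.conf.fixed"
             rm -rf "$d" ;;
esac
```

The check deliberately looks at mode bits and ownership rather than at the group name: a file that is root:root 0644 is safe whatever the group, while a file that is 0664 is exploitable if any non-root group owns it. Running the audit after `yum update tomcat` (or the tomcat6 package on RHEL 6) is also a cheap way to confirm the RHSA actually changed the on-disk permissions, since a locally edited `.rpmnew`/`.rpmsave` pair can leave the old mode in place.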

Affected packages

Platform                               | Package                                  | State        | Advisory        | Released (YYYY-MM-DD)
Red Hat Enterprise Linux 5             | tomcat5                                  | Will not fix |                 |
Red Hat JBoss Enterprise Web Server 2  | tomcat                                   | Will not fix |                 |
Red Hat JBoss Enterprise Web Server 3  | tomcat                                   | Fix deferred |                 |
Red Hat Enterprise Linux 6             | tomcat6                                  | Fixed        | RHSA-2016:2045  | 2016-10-10
Red Hat Enterprise Linux 7             | tomcat                                   | Fixed        | RHSA-2016:2046  | 2016-10-10
Red Hat JBoss Web Server 3.1           |                                          | Fixed        | RHSA-2017:0457  | 2017-03-07
Red Hat JBoss Web Server 3 for RHEL 6  | hibernate4-eap6                          | Fixed        | RHSA-2017:0455  | 2017-03-07
Red Hat JBoss Web Server 3 for RHEL 6  | jbcs-httpd24                             | Fixed        | RHSA-2017:0455  | 2017-03-07
Red Hat JBoss Web Server 3 for RHEL 6  | jbcs-httpd24-apache-commons-daemon       | Fixed        | RHSA-2017:0455  | 2017-03-07
Red Hat JBoss Web Server 3 for RHEL 6  | jbcs-httpd24-apache-commons-daemon-jsvc  | Fixed        | RHSA-2017:0455  | 2017-03-07


Additional information

Severity (Red Hat): Important
Weakness: CWE-284 (Improper Access Control)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1367447 (tomcat: tomcat writable config files allow privilege escalation)

EPSS: 0.00069 (Low), percentile 22%
CVSS3: 7.8 (High)
CVSS2: 6.9 (Medium)

Related vulnerabilities

ubuntu (CVSS3: 7.8, over 8 years ago): same description as above
nvd (CVSS3: 7.8, over 8 years ago): same description as above
debian (CVSS3: 7.8, over 8 years ago): same description as above, shown truncated on the page
github (CVSS3: 7.8, about 3 years ago): same description as above
oracle-oval (over 8 years ago): ELSA-2016-2046: tomcat security update (IMPORTANT)
