Описание
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | not-affected | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | not-affected | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | |
| precise | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | not-affected | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | not-affected |
Показывать по
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBo ...
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
EPSS
7.2 High
CVSS2
7.8 High
CVSS3