Apache Tomcat on Red Hat access control

A vulnerability, which was classified as critical, has been found in Apache Tomcat on Red Hat (Application Server Software) (unknown version). This issue affects some unknown functionality. Upgrading eliminates this vulnerability. A possible mitigation has been published 2 months after the disclosure of the vulnerability.

Field10/12/2016 10:09 AM05/07/2019 04:56 PM09/22/2022 07:23 PM
typeApplication Server SoftwareApplication Server SoftwareApplication Server Software
vendorApacheApacheApache
nameTomcatTomcatTomcat
platformRed HatRed HatRed Hat
cwe264 (access control)264 (access control)264 (access control)
risk222
cvss2_vuldb_basescore7.57.57.5
cvss2_vuldb_tempscore5.65.65.6
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_nvd_avLLL
cvss2_nvd_acLLL
cvss2_nvd_auNNN
cvss2_nvd_ciCCC
cvss2_nvd_iiCCC
cvss2_nvd_aiCCC
cvss3_meta_basescore7.87.87.8
cvss3_meta_tempscore6.76.77.2
cvss3_vuldb_basescore7.87.87.8
cvss3_vuldb_tempscore6.76.76.7
cvss3_nvd_avLLL
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
advisoryquoteApache Tomcat packages provided by default repositories of RedHat-based distributions (including CentOS, RedHat, OracleLinux, Fedora, etc.) create a tmpfiles.d configuration file with insecure permissions which allow attackers who are able to write files with tomcat user permissions (for example, through a vulnerability in web application hosted on Tomcat) to escalate their privileges from tomcat user to root and fully compromise the target system.Apache Tomcat packages provided by default repositories of RedHat-based distributions (including CentOS, RedHat, OracleLinux, Fedora, etc.) create a tmpfiles.d configuration file with insecure permissions which allow attackers who are able to write files with tomcat user permissions (for example, through a vulnerability in web application hosted on Tomcat) to escalate their privileges from tomcat user to root and fully compromise the target system.Apache Tomcat packages provided by default repositories of RedHat-based distributions (including CentOS, RedHat, OracleLinux, Fedora, etc.) create a tmpfiles.d configuration file with insecure permissions which allow attackers who are able to write files with tomcat user permissions (for example, through a vulnerability in web application hosted on Tomcat) to escalate their privileges from tomcat user to root and fully compromise the target system.
date1476057600 (10/10/2016)1476057600 (10/10/2016)1476057600 (10/10/2016)
locationFull-DisclosureFull-DisclosureFull-Disclosure
typeMailinglist PostMailinglist PostMailinglist Post
urlhttp://seclists.org/fulldisclosure/2016/Oct/35http://seclists.org/fulldisclosure/2016/Oct/35http://seclists.org/fulldisclosure/2016/Oct/35
person_nameDawid GolunskiDawid GolunskiDawid Golunski
price_0day$5k-$25k$5k-$25k$5k-$25k
cveCVE-2016-5425CVE-2016-5425CVE-2016-5425
cve_nvd_published147631680014763168001476316800
securityfocus934729347293472
securityfocus_titleApache Tomcat CVE-2016-5425 Insecure File Permissions VulnerabilityApache Tomcat CVE-2016-5425 Insecure File Permissions VulnerabilityApache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
exploitdb404884048840488
nessus_id949979499794997
nessus_nameFedora 25 : 1:tomcat (2016-38e5b05260) (httpoxy)Fedora 25 : 1:tomcat (2016-38e5b05260) (httpoxy)Fedora 25 : 1:tomcat (2016-38e5b05260) (httpoxy)
nessus_filenamefedora_2016-38e5b05260.naslfedora_2016-38e5b05260.naslfedora_2016-38e5b05260.nasl
nessus_riskHighHighHigh
nessus_familyFedora Local Security ChecksFedora Local Security ChecksFedora Local Security Checks
nessus_typelocallocallocal
nessus_date1479686400 (11/21/2016)1479686400 (11/21/2016)1479686400 (11/21/2016)
openvas_id841694841694841694
openvas_filenamegb_RHSA-2016_2046-01_tomcat.naslgb_RHSA-2016_2046-01_tomcat.naslgb_RHSA-2016_2046-01_tomcat.nasl
openvas_titleRedHat Update for tomcat RHSA-2016:2046-01RedHat Update for tomcat RHSA-2016:2046-01RedHat Update for tomcat RHSA-2016:2046-01
openvas_familyRed Hat Local Security ChecksRed Hat Local Security ChecksRed Hat Local Security Checks
qualys_id236112236112236112
qualys_titleRed Hat Update for tomcat (RHSA-2016:2046)Red Hat Update for tomcat (RHSA-2016:2046)Red Hat Update for tomcat (RHSA-2016:2046)
mischttp://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.htmlhttp://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.htmlhttp://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
seealso89670 92708 9273189670 92708 9273189670 92708 92731
cvss2_vuldb_ePOCPOCPOC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcURURUR
cvss3_vuldb_ePPP
cvss3_vuldb_rlOOO
cvss3_vuldb_rcRRR
reaction_days404040
exposure_days404040
cvss3_nvd_basescore7.87.87.8
cvss3_vuldb_avLL
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
confirm_urlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
availability11
publicity11
urlhttps://www.exploit-db.com/exploits/40488/https://www.exploit-db.com/exploits/40488/
nameUpgradeUpgrade
date1479513600 (11/19/2016)1479513600 (11/19/2016)
cve_assigned1465516800 (06/10/2016)1465516800 (06/10/2016)
securityfocus_date1476057600 (10/10/2016)1476057600 (10/10/2016)
securityfocus_classDesign ErrorDesign Error
sectracker1036979
cve_nvd_summaryThe Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
cvss2_nvd_basescore7.2
identifierRHSA-2016:2046

Do you need the next level of professionalism?

Upgrade your account now!