CVE-2016-5425 in Tomcatinfo

Summary

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/10/2016

Disclosure

10/13/2016

Moderation

VulDB entry created

Entries

1: VDB-92549

CPE

ready

CWE

CWE-264 (Confirmed)

Exploit

Download

CVSS

7.8

EPSS

0.11552

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-5425
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-5425
CVE Details	https://www.cvedetails.com/cve/CVE-2016-5425/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!