The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
References
Configurations
Configuration 1 (hide)
AND |
|
History
12 Feb 2023, 23:24
Type | Values Removed | Values Added |
---|---|---|
Summary | The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. | |
References |
|
02 Feb 2023, 21:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. |
Information
Published : 2016-10-13 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-6325
Mitre link : CVE-2016-6325
CVE.ORG link : CVE-2016-6325
JSON object : View
Products Affected
apache
- tomcat
redhat
- jboss_web_server
- jboss_enterprise_web_server
- enterprise_linux
- enterprise_linux_hpc_node
- enterprise_linux_server_aus
- enterprise_linux_server_eus
- enterprise_linux_hpc_node_eus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
CWE
CWE-264
Permissions, Privileges, and Access Controls