CVE-2016-6325

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
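The two files named above are shell fragments that the Tomcat init script reads while it is still running as root, before the service drops to the tomcat user; shipping them writable by the tomcat group means any member of that group, including a web application running as tomcat, can put commands into them that root executes at the next service start. The following audit-and-harden script is an added example, not code from NVD, the Red Hat errata, or the tomcat packages. The function names and the temporary demo files are assumptions made for this example; the only facts taken from the page are the two paths and the group-writable condition.

```shell
#!/bin/sh
# Added example; not code from the advisory or the Red Hat tomcat packages.
# Checks whether the sysconfig files that the Tomcat init script reads as
# root are writable by the tomcat group (the CVE-2016-6325 condition) and
# removes the write bits. Function names and demo files are assumptions.

# The two files named in CVE-2016-6325 (used only when run on a real host).
TOMCAT_CONF_FILES="/etc/sysconfig/tomcat /etc/tomcat/tomcat.conf"

# audit_tomcat_conf FILE...: prints one line per file and returns 1 if any
# existing file is writable by its group or by others, 0 otherwise. Missing
# files are reported but do not count as vulnerable. Reads the ls(1) mode
# string rather than stat(1) so it behaves the same on any POSIX system.
audit_tomcat_conf() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "missing    $f"
            continue
        fi
        mode=$(ls -ld "$f" | cut -c1-10)      # e.g. -rw-rw-r--
        gw=$(printf '%s' "$mode" | cut -c6)   # group write bit
        ow=$(printf '%s' "$mode" | cut -c9)   # other write bit
        if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
            echo "vulnerable $f $mode"
            rc=1
        else
            echo "ok         $f $mode"
        fi
    done
    return "$rc"
}

# harden_tomcat_conf FILE...: strip group and world write permission from each
# existing file. The tomcat group keeps read access, which is all the service
# needs; only root should be able to edit a file that root will execute.
harden_tomcat_conf() {
    for f in "$@"; do
        if [ -f "$f" ]; then
            chmod g-w,o-w "$f"
        fi
    done
    return 0
}

# Demo on constructed copies of the two files in a temporary directory, so it
# runs without root and without touching the real /etc.
demo() {
    d=$(mktemp -d)
    printf 'JAVA_OPTS="-Xmx1024m"\n' > "$d/sysconfig-tomcat"
    printf 'TOMCAT_USER="tomcat"\n'  > "$d/tomcat.conf"
    chmod 664 "$d/sysconfig-tomcat"   # the vulnerable packaging: group-writable
    chmod 644 "$d/tomcat.conf"        # the expected state
    echo "before:"
    audit_tomcat_conf "$d/sysconfig-tomcat" "$d/tomcat.conf" || echo "(group-writable file found)"
    harden_tomcat_conf "$d/sysconfig-tomcat" "$d/tomcat.conf"
    echo "after:"
    audit_tomcat_conf "$d/sysconfig-tomcat" "$d/tomcat.conf"
    rm -rf "$d"
}

demo
```

On a real host, run `audit_tomcat_conf $TOMCAT_CONF_FILES` as any user to detect the condition; the package update from the referenced errata is the proper fix, and `harden_tomcat_conf` (as root) is only a stop-gap until it is installed. Note that it also checks the world-write bit, which the description does not mention but which would be strictly worse.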
Configurations

Configuration 1

AND
  cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*
  OR
    cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

History

12 Feb 2023, 23:24

Type: Summary
Values Removed: It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.
Values Added: The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Type: References
  • (MISC) https://access.redhat.com/errata/RHSA-2017:0457
  • (MISC) https://access.redhat.com/security/cve/CVE-2016-6325
  • (MISC) https://access.redhat.com/errata/RHSA-2016:2045
  • (MISC) https://access.redhat.com/errata/RHSA-2016:2046

02 Feb 2023, 21:17

Type: References
  • (MISC) https://access.redhat.com/errata/RHSA-2017:0457
  • (MISC) https://access.redhat.com/security/cve/CVE-2016-6325
  • (MISC) https://access.redhat.com/errata/RHSA-2016:2045
  • (MISC) https://access.redhat.com/errata/RHSA-2016:2046

Type: Summary
Values Removed: The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Values Added: It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges.

Information

Published : 2016-10-13 14:59

Updated : 2023-12-10 11:46


NVD link : https://nvd.nist.gov/vuln/detail/CVE-2016-6325

Mitre link : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6325

CVE.ORG link : https://www.cve.org/CVERecord?id=CVE-2016-6325


Products Affected

apache

  • tomcat

redhat

  • jboss_web_server
  • jboss_enterprise_web_server
  • enterprise_linux
  • enterprise_linux_hpc_node
  • enterprise_linux_server_aus
  • enterprise_linux_server_eus
  • enterprise_linux_hpc_node_eus
  • enterprise_linux_server
  • enterprise_linux_workstation
  • enterprise_linux_desktop
CWE
CWE-264: Permissions, Privileges, and Access Controls