7.8
CVE-2016-5425
- EPSS 3.78%
- Veröffentlicht 13.10.2016 14:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Tomcat Version-
Oracle ≫ Instantis Enterprisetrack Version17.1
Oracle ≫ Instantis Enterprisetrack Version17.2
Oracle ≫ Instantis Enterprisetrack Version17.3
Oracle ≫ Linux Version7 Update-
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.2
Redhat ≫ Enterprise Linux Server Aus Version7.3
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Aus Version7.7
Redhat ≫ Enterprise Linux Server Eus Version7.2
Redhat ≫ Enterprise Linux Server Eus Version7.3
Redhat ≫ Enterprise Linux Server Eus Version7.4
Redhat ≫ Enterprise Linux Server Eus Version7.5
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version7.7
Redhat ≫ Enterprise Linux Server Tus Version7.2
Redhat ≫ Enterprise Linux Server Tus Version7.3
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.7
Redhat ≫ Enterprise Linux Workstation Version7.0
Oracle ≫ Instantis Enterprisetrack Version17.2
Oracle ≫ Instantis Enterprisetrack Version17.3
Oracle ≫ Linux Version7 Update-
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.2
Redhat ≫ Enterprise Linux Server Aus Version7.3
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Aus Version7.7
Redhat ≫ Enterprise Linux Server Eus Version7.2
Redhat ≫ Enterprise Linux Server Eus Version7.3
Redhat ≫ Enterprise Linux Server Eus Version7.4
Redhat ≫ Enterprise Linux Server Eus Version7.5
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version7.7
Redhat ≫ Enterprise Linux Server Tus Version7.2
Redhat ≫ Enterprise Linux Server Tus Version7.3
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.7
Redhat ≫ Enterprise Linux Workstation Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.78% | 0.886 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
http://rhn.redhat.com/errata/RHSA-2016-2046.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E
http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html
http://www.openwall.com/lists/oss-security/2016/10/10/2
http://www.securityfocus.com/bid/93472
http://www.securitytracker.com/id/1036979
https://www.exploit-db.com/exploits/40488/