CVE-2016-1240
Vulnerability Summary
Timeline
Description
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
CVSS Metrics
- v3.0•HIGH•Score: 7.8CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 22.22%• Percentile: 96%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Systems
- Unknown•Tomcat
6.0 | 7.0 | 8.0
References (14)
- http://www.securitytracker.com/id/1036845
- http://www.debian.org/security/2016/dsa-3670
- https://security.gentoo.org/glsa/201705-09
- http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html
- http://www.securityfocus.com/bid/93263
- http://rhn.redhat.com/errata/RHSA-2017-0457.html
- https://security.netapp.com/advisory/ntap-20180731-0002/
- https://www.exploit-db.com/exploits/40450/
- http://www.debian.org/security/2016/dsa-3669
- https://access.redhat.com/errata/RHSA-2017:0455
- http://www.securityfocus.com/archive/1/539519/100/0/threaded
- https://access.redhat.com/errata/RHSA-2017:0456
- http://www.ubuntu.com/usn/USN-3081-1
- http://packetstormsecurity.com/files/170857/Apache-Tomcat-On-Ubuntu-Log-Init-Privilege-Escalation.html