CVE-2016-5425
Published: 13 Oct 2016, 14:00
Last modified: 06 Aug 2024, 01:00
Vulnerability Summary
- Overall risk (default): medium (44/100)
- CVSS score: 7.8 HIGH (v3.1, NVD)
- EPSS score: 11.55% MEDIUM (12% probability, -2.92%)
- KEV: not listed
- Ransomware: no reports
- Public exploits: 4 found
- Dark web: not detected
Timeline
- 13 Oct 2016, 14:00: Published (vulnerability first disclosed)
- 06 Aug 2024, 01:00: Last modified (vulnerability information updated)
Description
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVSS Metrics
- v3.1 • HIGH • Score: 7.8 • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0 • HIGH • Score: 7.2 • AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 11.55% • Percentile: 94%
Techniques & Countermeasures
- CWE-276 • Incorrect Default Permissions: during installation, installed file permissions are set to allow anyone to modify those files.
Affected Systems
- Unknown • Tomcat (version: n/a)
References (10)
- http://www.securitytracker.com/id/1036979
- http://www.securityfocus.com/bid/93472
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html
- http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
- http://www.openwall.com/lists/oss-security/2016/10/10/2
- http://rhn.redhat.com/errata/RHSA-2016-2046.html
- https://www.exploit-db.com/exploits/40488/
- https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html