CVE-2016-5425
Published Oct 13, 2016
Last updated 2 years ago
Overview
- Description
- The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-276
Social media
- Hype score
- Not currently trending
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB5FCB11-3FCA-4EB4-8FA6-87B356B80739" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4" }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4" }, { "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3" }, { "criteria": "cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44B8FEDF-6CB0-46E9-9AD7-4445B001C158" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97" } ], "operator": "OR" } ], "operator": "AND" } ]