Published: 09/07/2013 Updated: 22/04/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux 5
redhat enterprise linux 6.0
redhat jboss enterprise web server 1.0.2
redhat jboss enterprise web server 2.0.0

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 102 and 200, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initdlog, (b) tomcat6-initdlog, (c) catalinaout, or (d) tomca ...

CWE-59 http://rhn.redhat.com/errata/RHSA-2013-0871.html https://bugzilla.redhat.com/show_bug.cgi?id=927622 http://rhn.redhat.com/errata/RHSA-2013-0872.html http://rhn.redhat.com/errata/RHSA-2013-0869.html http://rhn.redhat.com/errata/RHSA-2013-0870.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2013-196.html https://access.redhat.com/security/cve/cve-2013-1976

CVE-2013-1976

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect