CVE-2016-1240

Published: 03/10/2016 Updated: 06/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Tomcat init script in the tomcat7 package prior to 7.0.56-3+deb8u4 and tomcat8 package prior to 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages prior to 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages prior to 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages prior to 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

Vulnerable Product

apache tomcat 6.0

apache tomcat 7.0

apache tomcat 8.0

Vendor Advisories

Synopsis Important: Red Hat JBoss Web Server security and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
The system could be made to run programs as an administrator ...
Debian Bug report logs - #842663 CVE-2016-5018: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, 31 ...
# OpenVAS Vulnerability Test # $Id: deb_3670.nasl 14279 2019-03-18 14:48:34Z cfischer $ # Auto-generated from advisory DSA 3670-1 using nvtgen 1.0 # Script version: 1.0 # # Author: # Greenbone Networks # # Copyright: # Copyright (c) 2016 Greenbone Networks GmbH greenbone.net # Text descriptions are largely excerpted from the referenced # adv ...
Debian Bug report logs - #842665 CVE-2016-6796: Apache Tomcat Security Manager Bypass Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, 31 ...
Debian Bug report logs - #840685 TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Paul Szabo <paul.szabo@sydney.edu.au> Date: Thu, 13 Oct 2016 20:30:02 UT ...
Debian Bug report logs - #842664 CVE-2016-6794: Apache Tomcat System Property Disclosure Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, ...
Debian Bug report logs - #842666 CVE-2016-6797: Apache Tomcat Unrestricted Access to Global Resources Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> ...
Debian Bug report logs - #842662 CVE-2016-0762: Apache Tomcat Realm Timing Attack Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Guido Günther <agx@sigxcpu.org> Date: Mon, 31 Oct ...
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation ...

Exploits

============================================= - Discovered by: Dawid Golunski - legalhackers.com - dawid (at) legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High ============================================= I. VULNERABILITY ------------------------- Apache Tomcat packaging on Debian-based distros - ...
Apache Tomcat versions 8.0.36-2 and below, 7.0.70-2 and below, and 6.0.45+dfsg-1~deb8u1 and below suffer from a local root privilege escalation vulnerability ...
This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the tomcat user to root and fully compromise the target syst ...

Github Repositories

Reproducible exploits for: CVE-2016-1240 CVE-2008-2938 CVE-2014-2064 CVE-2014-1904

Offensive technologies course. This repository contains descriptions of several vulnerabilities and the code that exploits them. Exploitable environments can be found in /dockerfiles/victim folder. Attacker environments can be found in /dockerfiles/attacker folder. Everything comes as Docker images. Exploited CVEs: CVE-2008-2938 (Tomcat path traversal), CVE-2014-1904 (Spring pat