Published: 13/10/2016 Updated: 23/07/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
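As an added defensive check (not part of this record or of any vendor advisory), the following shell function audits a tmpfiles.d directory for .conf files that are group- or world-writable, the condition behind the flaw described above; the directory path and the sample entries used to exercise it are assumptions.

```shell
#!/bin/sh
# Added example: audit a tmpfiles.d directory for configuration files that
# are writable by the group or by others. The CVE above stems from exactly
# this condition on /usr/lib/tmpfiles.d/tomcat.conf. Package-installed
# tmpfiles.d entries are normally root-owned and not writable by anyone else.
#
# Prints one line per offending file ("<mode> <owner>:<group> <path>") and
# returns 0 when the directory is clean, 1 when at least one file is flagged.
# Requires GNU stat (assumption: a Linux host).
audit_tmpfiles_dir() {
    dir="$1"
    found=0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")      # e.g. 664
        owner=$(stat -c '%U' "$f")
        group=$(stat -c '%G' "$f")
        # 022 (octal) masks the group-write and other-write bits;
        # the leading 0 makes the shell read $mode as octal.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf '%s %s:%s %s\n' "$mode" "$owner" "$group" "$f"
            found=1
        fi
    done
    return "$found"
}

# Usage on a live system: audit_tmpfiles_dir /usr/lib/tmpfiles.d
# (also worth running against /etc/tmpfiles.d and /run/tmpfiles.d).
```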

Vulnerability Trend

Vendor Advisories

Synopsis: Important: tomcat security update. Type/Severity: Security Advisory: Important. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, w ...
It was discovered that the Tomcat packages installed the configuration file /usr/lib/tmpfiles.d/tomcat.conf writable by the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges ...
Oracle Linux Bulletin - October 2016. Description: The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical ...


============================================= - Discovered by: Dawid Golunski - legalhackers.com - dawid (at) legalhackers.com - CVE-2016-5425 - Release date: 10.10.2016 - Revision: 1 - Severity: High ============================================= I. VULNERABILITY ------------------------- Apache Tomcat (packaging on RedHat-based distros ...

Mailing Lists

Apache Tomcat versions 8, 7, and 6 suffer from a privilege escalation vulnerability on RedHat-based distros ...

Github Repositories

vul-info-collect: vulnerability information statistics, used to obtain brief statistics on the vulnerabilities of a specific software version: CVEs, total number of vulnerabilities, counts of critical, high, medium and low severity vulnerabilities, plus simple text and web-page presentation. Changelog 2020118: modified the script to adapt to NVD interface changes & the CVSS v3 unscored exception. Added scripts: script-v21py and script-v31py. Sample - v2 upd