Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2016-6325

Published: 13/10/2016 Updated: 12/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Tomcat

Vulnerability Summary

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat -

Vendor Advisories

Red Hat: Important: tomcat6 security and bug fix update
Synopsis Important: tomcat6 security and bug fix update Type/Severity Security Advisory: Important Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) ...
Red Hat: Important: tomcat security update
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Red Hat: Important: Red Hat JBoss Web Server security and enhancement update
Synopsis Important: Red Hat JBoss Web Server security and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web ServerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...
Amazon Linux AMI: ALAS-2016-764
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges (CVE-2016-6325) A malicious web application was able to bypass a configu ...
Red Hat: CVE-2016-6325
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges ...

References

CWE-264http://rhn.redhat.com/errata/RHSA-2016-2045.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1367447http://rhn.redhat.com/errata/RHSA-2016-2046.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlhttp://www.securityfocus.com/bid/93478https://access.redhat.com/errata/RHSA-2017:0456https://access.redhat.com/errata/RHSA-2017:0455http://rhn.redhat.com/errata/RHSA-2017-0457.htmlhttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2016:2045https://alas.aws.amazon.com/ALAS-2016-764.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook