CVE-2013-1976

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
VendorProductVersion
redhatjboss_enterprise_web_server
1.0.2
redhatjboss_enterprise_web_server
2.0.0
redhatenterprise_linux
6.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat6
raring
not-affected
quantal
not-affected
precise
not-affected
lucid
not-affected
tomcat7
raring
not-affected
quantal
not-affected
precise
not-affected
lucid
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-0869.html
http://rhn.redhat.com/errata/RHSA-2013-0870.html
http://rhn.redhat.com/errata/RHSA-2013-0871.html
http://rhn.redhat.com/errata/RHSA-2013-0872.html
https://bugzilla.redhat.com/show_bug.cgi?id=927622
http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-0869.html
http://rhn.redhat.com/errata/RHSA-2013-0870.html
http://rhn.redhat.com/errata/RHSA-2013-0871.html
http://rhn.redhat.com/errata/RHSA-2013-0872.html
https://bugzilla.redhat.com/show_bug.cgi?id=927622