CVE-2016-1240

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
Provider  Type  Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      NIST  7.8 HIGH    LOCAL        LOW              LOW             CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
debian    CNA   ---         ---
CVE       ADP   ---         ---

EPSS Score percentile: 95%
Vulnerable software versions

Vendor  Product  Version
apache  tomcat   6.0
apache  tomcat   7.0
apache  tomcat   8.0
Ubuntu Releases (dne = package does not exist in that release)

Package  Codename  Status        Fixed version
tomcat6  groovy    dne
tomcat6  focal     dne
tomcat6  eoan      dne
tomcat6  disco     dne
tomcat6  cosmic    dne
tomcat6  bionic    dne
tomcat6  artful    dne
tomcat6  zesty     dne
tomcat6  yakkety   dne
tomcat6  xenial    released      6.0.45+dfsg-1ubuntu0.2
tomcat6  trusty    released      6.0.39-1ubuntu0.1
tomcat6  precise   released      6.0.35-1ubuntu3.8
tomcat7  groovy    dne
tomcat7  focal     dne
tomcat7  eoan      dne
tomcat7  disco     dne
tomcat7  cosmic    not-affected
tomcat7  bionic    not-affected
tomcat7  artful    ignored
tomcat7  zesty     ignored
tomcat7  yakkety   ignored
tomcat7  xenial    released      7.0.68-1ubuntu0.3
tomcat7  trusty    released      7.0.52-1ubuntu0.7
tomcat7  precise   ignored
tomcat8  groovy    dne
tomcat8  focal     dne
tomcat8  eoan      dne
tomcat8  disco     dne
tomcat8  cosmic    released      8.0.36-2ubuntu1
tomcat8  bionic    released      8.0.36-2ubuntu1
tomcat8  artful    released      8.0.36-2ubuntu1
tomcat8  zesty     released      8.0.36-2ubuntu1
tomcat8  yakkety   released      8.0.36-2ubuntu1
tomcat8  xenial    released      8.0.32-1ubuntu1.2
tomcat8  trusty    dne
tomcat8  precise   dne