Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2016-9774
HistoryMar 23, 2017 - 4:59 p.m.

CVE-2016-9774

2017-03-2316:59:00
CWE-59
[email protected]
web.nvd.nist.gov
53
4
cve-2016-9774
tomcat
package
local users
privileges
symlink attack
information disclosure
root privileges
security vulnerability
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.

Social References

More

Related

prion 1
ubuntucve 1
osv 3
debiancve 1
openvas 8
debian 6
nessus 5
ubuntu 2
prion
prion
Directory traversal
2017-03-23 16:59:00
ubuntucve
ubuntucve
CVE-2016-9774
2016-12-02 00:00:00
osv
osv
CVE-2016-9774
2017-03-23 16:59:00
tomcat6 - security update
2016-12-16 00:00:00
tomcat7 - security update
2016-12-18 00:00:00
debiancve
debiancve
CVE-2016-9774
2017-03-23 16:59:00
openvas
openvas
Debian: Security Advisory (DLA-746-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3739-1 (tomcat8 - security update)
2016-12-18 00:00:00
Debian Security Advisory DSA 3738-1 (tomcat7 - security update)
2016-12-18 00:00:00
debian
debian
[SECURITY] [DLA 746-1] tomcat6 security update
2016-12-16 19:29:10
[SECURITY] [DLA 753-1] tomcat7 security update
2016-12-18 20:08:58
[SECURITY] [DSA 3738-1] tomcat7 security update
2016-12-18 09:12:10
nessus
nessus
Debian DSA-3738-1 : tomcat7 - security update
2016-12-20 00:00:00
Debian DSA-3739-1 : tomcat8 - security update
2016-12-20 00:00:00
Debian DLA-753-1 : tomcat7 security update
2016-12-20 00:00:00
ubuntu
ubuntu
Tomcat regression
2017-02-02 00:00:00
Tomcat vulnerabilities
2017-01-23 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON
Related for CVE-2016-9774
prion1ubuntucve1osv3debiancve1openvas8debian6nessus5ubuntu2