Lucene search

K
cvelistRedhatCVELIST:CVE-2016-5425
HistoryOct 13, 2016 - 2:00 p.m.

CVE-2016-5425

2016-10-1314:00:00
redhat
www.cve.org

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.