Lucene search

K
cvelistRedhatCVELIST:CVE-2016-5425
HistoryOct 13, 2016 - 2:00 p.m.

CVE-2016-5425

2016-10-1314:00:00
redhat
www.cve.org
4

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

48.0%

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.