14 matches found
SUSE CVE-2016-5425
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group...
Metasploit Weekly Wrap-Up
FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...
Apache Tomcat Privilege Escalation
This exploit sample shows how an exploit module could be written to exploit a bug in a command on a Linux computer for priv esc. class MetasploitModule 'Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation', 'Description' = %q This module exploits a vulnerability in...
Mageia: Security Advisory (MGASA-2016-0367)
The remote host is missing an update for the...
Fedora 25 : 1:tomcat (2016-38e5b05260) (httpoxy)
This update includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa: - rhbz1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - rhbz1390532 - CVE-2016-0762 CVE-2016-50...
Fedora 23 : 1:tomcat (2016-4094bd4ad6) (httpoxy)
This update includes a rebase from tomcat 8.0.36 up to 8.0.38 which resolves multiple CVEs and a problem that 8.0.37 introduces to freeipa: - rhbz1375581 - CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header - rhbz1390532 - CVE-2016-0762 CVE-2016-50...
SOL61414056 - Apache Tomcat vulnerability CVE-2016-5425
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
CVE-2016-5425
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group...
CVE-2016-5425
CVE-2016-5425 describes a local privilege escalation in Tomcat packages on RHEL7, Fedora, CentOS, Oracle Linux, and similar distros due to weak permissions on /usr/lib/tmpfiles.d/tomcat.conf. Local users in the tomcat group can exploit this to gain root privileges via systemd-tmpfiles handling. T...
RHEL 7 : tomcat (RHSA-2016:2046)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:2046 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fixes: It was discovered that the...
RedHat Update for tomcat RHSA-2016:2046-01
The remote host is missing an update for the...
CVE-2016-5425
creationtimestamp | type | source
---|---|---
2016-10-10 10:52:23+00:00 | published-proof-of-concept | https://t.me/canyoupwnme/160
2016-10-11 16:36:42+00:00 | published-proof-of-concept | https://t.me/FullDisclosure/149
2023-03-14 10:44:22+00:00 | seen | ...
Apache Tomcat 8 / 7 / 6 Privilege Escalation
=============================================
- Discovered by: Dawid Golunski
- http://legalhackers.com
- dawid at legalhackers.com
- CVE-2016-5425
- Release date: 10.10.2016
- Revision: 1
- Severity: High
=============================================
I. VULNERABILITY
-------------------------...
Apache Tomcat 8/7/6 (RedHat Based Distros) - Local Privilege Escalation
=============================================
- Discovered by: Dawid Golunski
- http://legalhackers.com
- dawid at legalhackers.com
- CVE-2016-5425
- Release date: 10.10.2016
- Revision: 1
- Severity: High
=============================================
I. VULNERABILITY
-------------------------...