19 matches found
Debian: Security Advisory (DLA-623-1)
The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Metasploit Weekly Wrap-Up
Taking a stroll down memory lane Tomcat Init Script Privilege Escalation Do you remember the issue with Tomcat init script that was originally discovered by Dawid Golunski back in 2016 that led to privilege escalation? This week's Metasploit release includes an exploit module for CVE-2016-1240 by...
Apache Tomcat On Ubuntu Log Init Privilege Escalation
This exploit sample shows how an exploit module could be written to exploit a bug in a command on a Linux computer for priv esc. class MetasploitModule 'Apache Tomcat on Ubuntu Log Init Privilege Escalation', 'Description' = %q Tomcat 6, 7, 8 packages provided by default repositories on...
Apache Tomcat On Ubuntu Log Init Privilege Escalation Exploit
This Metasploit module targets a vulnerability in Tomcat versions 6, 7, and 8 on Debian-based distributions where these older versions provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account to escalate their privileges from the...
Security Bulletin: OpenSSL vulnerabilities affect IBM Rational Team Concert (CVE-2016-1240, CVE-2016-6797, etc)
Summary OpenSSL vulnerabilities were disclosed recently by the OpenSSL Project. OpenSSL is used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Rational BuildForge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1240 DESCRIPTION: Apache Tomcat could...
Security Bulletin: Vulnerabilities in Apache Tomcat and OpenSSL affect Rational BuildForge
Summary OpenSSL and Apache Tomcat vulnerabilities were disclosed recently, OpenSSL and Apache Tomcat are used by Rational BuildForge. Rational BuildForge has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1240 DESCRIPTION: Apache Tomcat could allow a local attacker to gain...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
An update is now available for Red Hat JBoss Web Server 3 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 security and enhancement update
An update is now available for Red Hat JBoss Web Server 3 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Important: Red Hat Security Advisory: Red Hat JBoss Web Server security and enhancement update
An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...
CVE-2016-1240
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu...
CVE-2016-1240
This CVE (CVE-2016-1240) affects the Tomcat init scripts in Debian/Ubuntu packages, allowing local users with Tomcat access to gain root via a symlink attack on the Catalina log file (e.g., /var/log/tomcat7/catalina.out). Affected packages and versions include: tomcat7 before 7.0.56-3+deb8u4 and ...
CVE-2016-1240
creationtimestamp | type | source
---|---|---
2016-10-03 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/40450
2016-10-03 23:59:19+00:00 | seen | https://t.me/FullDisclosure/121
2016-10-26 23:42:50+00:00 | seen | https://t.me/FullDisclosure/210
2023-02-06 14:21:33+00:00 | seen | ...
Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation
Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation ============================================= - Discovered by: Dawid Golunski - http://legalhackers.com - dawid at legalhackers.com - CVE-2016-1240 - Release date: 30.09.2016 - Revision: 1 - Severity: High...
Ubuntu: Security Advisory (USN-3081-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-3081-1: Tomcat vulnerability
Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. CVE-2016-1240 This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnable...
USN-3081-1 tomcat6, tomcat7, tomcat8 vulnerability
Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges. CVE-2016-1240 This update also reverts a change in behaviour introduced in USN-3024-1 by setting mapperContextRootRedirectEnable...
CVE-2016-1240
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation...
[SECURITY] [DSA 3670-1] tomcat8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3670-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 15, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3669-1] tomcat7 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3669-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 15, 2016 https://www.debian.org/security/faq -...