Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-9774
HistoryDec 02, 2016 - 12:00 a.m.

CVE-2016-9774

2016-12-0200:00:00
ubuntu.com
ubuntu.com
14

0.0004 Low

EPSS

Percentile

9.8%

The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 on
Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu
14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy,
before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu
14.04 LTS, and on Ubuntu 12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8
package before 8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3
on Ubuntu 16.04 LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before
8.0.38-2ubuntu1 on Ubuntu 17.04 might allow local users with access to the
tomcat account to obtain sensitive information or gain root privileges via
a symlink attack on the Catalina localhost directory.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchtomcat6< 6.0.35-1ubuntu3.9UNKNOWN
ubuntu14.04noarchtomcat6< anyUNKNOWN
ubuntu14.04noarchtomcat7< 7.0.52-1ubuntu0.8UNKNOWN
ubuntu16.04noarchtomcat7< 7.0.68-1ubuntu0.3UNKNOWN
ubuntu17.10noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN
ubuntu18.04noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN
ubuntu18.10noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN
ubuntu16.04noarchtomcat8< 8.0.32-1ubuntu1.3UNKNOWN
ubuntu16.10noarchtomcat8< 8.0.37-1ubuntu0.1UNKNOWN
ubuntu17.04noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN

0.0004 Low

EPSS

Percentile

9.8%