Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-9775
HistoryDec 02, 2016 - 12:00 a.m.

CVE-2016-9775

2016-12-0200:00:00
ubuntu.com
ubuntu.com
9

0.0004 Low

EPSS

Percentile

9.8%

The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 on
Debian wheezy, before 6.0.45+dfsg-1~deb8u1 on Debian jessie, before
6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7
package before 7.0.28-4+deb7u7 on Debian wheezy, before 7.0.56-3+deb8u6 on
Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu 14.04 LTS, and on Ubuntu
12.04 LTS, 16.04 LTS, and 16.10; and the tomcat8 package before
8.0.14-1+deb8u5 on Debian jessie, before 8.0.32-1ubuntu1.3 on Ubuntu 16.04
LTS, before 8.0.37-1ubuntu0.1 on Ubuntu 16.10, and before 8.0.38-2ubuntu1
on Ubuntu 17.04 might allow local users with access to the tomcat account
to gain root privileges via a setgid program in the Catalina directory, as
demonstrated by /etc/tomcat8/Catalina/attack.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchtomcat6< 6.0.35-1ubuntu3.9UNKNOWN
ubuntu14.04noarchtomcat6< anyUNKNOWN
ubuntu14.04noarchtomcat7< 7.0.52-1ubuntu0.8UNKNOWN
ubuntu16.04noarchtomcat7< 7.0.68-1ubuntu0.3UNKNOWN
ubuntu17.10noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN
ubuntu18.04noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN
ubuntu18.10noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN
ubuntu16.04noarchtomcat8< 8.0.32-1ubuntu1.3UNKNOWN
ubuntu16.10noarchtomcat8< 8.0.37-1ubuntu0.1UNKNOWN
ubuntu17.04noarchtomcat8< 8.0.38-2ubuntu1UNKNOWN

0.0004 Low

EPSS

Percentile

9.8%