CVE-2016-9775

🗓️ 02 Dec 2016 00:00:00Reported by ubuntu.comType

The postrm script in tomcat6, tomcat7, and tomcat8 packages on Debian and Ubuntu allows local users to gain root privileges

Reporter	Title	Published	Views	Family All 38
CNVD	Apache Tomcat Local Elevation of Privilege Vulnerability (CNVD-2016-12018)	7 Dec 201600:00	–	cnvd
CVE	CVE-2016-9775	23 Mar 201716:00	–	cve
Cvelist	CVE-2016-9775	23 Mar 201716:00	–	cvelist
Debian	[SECURITY] [DSA 3738-1] tomcat7 security update	18 Dec 201609:12	–	debian
Debian	[SECURITY] [DSA 3738-1] tomcat7 security update	18 Dec 201609:12	–	debian
Debian	[SECURITY] [DSA 3739-1] tomcat8 security update	18 Dec 201609:12	–	debian
Debian	[SECURITY] [DSA 3739-1] tomcat8 security update	18 Dec 201609:12	–	debian
Debian CVE	CVE-2016-9775	23 Mar 201716:00	–	debiancve
Tenable Nessus	Debian DSA-3738-1 : tomcat7 - security update	20 Dec 201600:00	–	nessus
Tenable Nessus	Debian DSA-3739-1 : tomcat8 - security update	20 Dec 201600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	12.04	any	tomcat6	6.0.35-1ubuntu3.9	tomcat6_6.0.35-1ubuntu3.9_any.deb
Ubuntu	14.04	any	tomcat6	0	tomcat6_0_any.deb
Ubuntu	17.10	any	tomcat8	8.0.38-2ubuntu1	tomcat8_8.0.38-2ubuntu1_any.deb
Ubuntu	18.04	any	tomcat8	8.0.38-2ubuntu1	tomcat8_8.0.38-2ubuntu1_any.deb
Ubuntu	18.10	any	tomcat8	8.0.38-2ubuntu1	tomcat8_8.0.38-2ubuntu1_any.deb
Ubuntu	16.04	any	tomcat8	8.0.32-1ubuntu1.3	tomcat8_8.0.32-1ubuntu1.3_any.deb
Ubuntu	16.10	any	tomcat8	8.0.37-1ubuntu0.1	tomcat8_8.0.37-1ubuntu0.1_any.deb
Ubuntu	17.04	any	tomcat8	8.0.38-2ubuntu1	tomcat8_8.0.38-2ubuntu1_any.deb
Ubuntu	14.04	any	tomcat7	7.0.52-1ubuntu0.8	tomcat7_7.0.52-1ubuntu0.8_any.deb
Ubuntu	16.04	any	tomcat7	7.0.68-1ubuntu0.3	tomcat7_7.0.68-1ubuntu0.3_any.deb

Source	Link
openwall	www.openwall.com/lists/oss-security/2016/12/02/5
ubuntu	www.ubuntu.com/security/notices/USN-3177-1
cve	www.cve.org/CVERecord

18 Aug 2025 17:05Current

7.1High risk

Vulners AI Score7.1

CVSS 27.2

CVSS 37.8

EPSS0.0011