Privilege Escalation

2019-01-1508:53:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

tomcat is vulnerable to privilege escalation. An error in the way the init script handled the tomcat5-initd.log, tomcat6-initd.log, tomcat7-initd.log and catalina.out log files allows a tomcat user to perform a symbolic link attack to change the ownership of an arbitrary system file to the tomcat user, allowing privilege escalation to root.

CPENameOperatorVersion
tomcat6eq6.0.24__48.el6_3
tomcat6eq6.0.24__55.el6_4
tomcat6eq6.0.24__24.el6_0
tomcat6eq6.0.24__64.el6_5
tomcat6eq6.0.24__111.el6_9
tomcat6eq6.0.24__95.el6
tomcat6eq6.0.24__49.el6
tomcat6eq6.0.24__62.el6
tomcat6eq6.0.24__80.el6
tomcat6eq6.0.24__15.el6

Name	Operator	Version
tomcat6	eq	6.0.24__48.el6_3
tomcat6	eq	6.0.24__55.el6_4
tomcat6	eq	6.0.24__24.el6_0
tomcat6	eq	6.0.24__64.el6_5
tomcat6	eq	6.0.24__111.el6_9
tomcat6	eq	6.0.24__95.el6
tomcat6	eq	6.0.24__49.el6
tomcat6	eq	6.0.24__62.el6
tomcat6	eq	6.0.24__80.el6
tomcat6	eq	6.0.24__15.el6