CVE-2016-1240

EPSS 9.8%

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/Naramsim/Offensive★ 1 githubgithub.com/mhe18/CVE_Project★ 0 cve_referencepacketstormsecurity.com/files/170857/Apache-Tomcat-On-Ubuntu-Log-Init-Privilege-Escalation.htmlunverified cve_referencewww.exploit-db.com/exploits/40450/unverified exploitdbwww.exploit-db.com/exploits/40450unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html http://packetstormsecurity.com/files/170857/Apache-Tomcat-On-Ubuntu-Log-Init-Privilege-Escalation.html http://rhn.redhat.com/errata/RHSA-2017-0457.html https://access.redhat.com/errata/RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0456 https://security.gentoo.org/glsa/201705-09 https://security.netapp.com/advisory/ntap-20180731-0002/https://www.exploit-db.com/exploits/40450/http://www.debian.org/security/2016/dsa-3669 http://www.debian.org/security/2016/dsa-3670 http://www.securityfocus.com/archive/1/539519/100/0/threaded http://www.securityfocus.com/bid/93263