Oval Definition:	oval:com.ubuntu.xenial:def:201612400000000
Revision Date: 2016-10-03 Version: 1 Title: CVE-2016-1240 on Ubuntu 16.04 LTS (xenial) - medium. Description: The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out. Family: unix Class: vulnerability Status: Reference(s): CVE-2016-1240 Platform(s): Ubuntu 16.04 LTS Product(s): Definition Synopsis Ubuntu 16.04 LTS (xenial) is installed. AND Package Information tomcat6 package in xenial is affected and needs fixing. OR tomcat7 package in xenial was vulnerable but has been fixed (note: '7.0.68-1ubuntu0.3'). OR tomcat8 package in xenial was vulnerable but has been fixed (note: '8.0.32-1ubuntu1.2').
BACK