| Vulnerability Name: | CVE-2004-1452 (CCN-16993) | ||||||||
| Assigned: | 2004-08-15 | ||||||||
| Published: | 2004-08-15 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-1452 Source: CCN Type: SA12296 Gentoo Tomcat Privilege Escalation Vulnerability Source: SECUNIA Type: Patch 12296 Source: CCN Type: GLSA-200408-15 Tomcat: Insecure installation Source: GENTOO Type: Patch GLSA-200408-15 Source: CCN Type: OSVDB ID: 8851 Gentoo Tomcat Group Root Privilege Escalation Source: BID Type: Patch 10951 Source: CCN Type: BID-10951 Gentoo Linux Tomcat EBuild Insecure Install Permissions Vulnerability Source: XF Type: UNKNOWN gentoo-tomcat-gain-privileges(16993) Source: XF Type: UNKNOWN gentoo-tomcat-gain-privileges(16993) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||