Vulnerability CVE-2016-1240

Vulnerability Name:

CVE-2016-1240 (CCN-117091)

Assigned:

2015-12-27

Published:

2016-09-20

Updated:

2023-02-06

Summary:

Apache Tomcat could allow a local attacker to gain elevated privileges on the system, caused by the exploitation of an unsafe chown command in Tomcat init script. An attacker could exploit this vulnerability to gain root privileges on the system.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2016-1240

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: CCN
Type: RHSA-2017-0455
Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update

Source: CCN
Type: RHSA-2017-0456
Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update

Source: CCN
Type: RHSA-2017-0457
Important: Red Hat JBoss Web Server security and enhancement update

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: CCN
Type: Apache Web site
Tomcat

Source: security@debian.org
Type: Third Party Advisory
security@debian.org

Source: security@debian.org
Type: Third Party Advisory
security@debian.org

Source: CCN
Type: IBM Security Bulletin 1995528 (Rational Build Forge)
ulnerabilities in Apache Tomcat and OpenSSL affect Rational BuildForge

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: CCN
Type: BID-93263
Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: security@debian.org
Type: Third Party Advisory, VDB Entry
security@debian.org

Source: security@debian.org
Type: Third Party Advisory
security@debian.org

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: CCN
Type: Red Hat Bugzilla Bug 1376712
(CVE-2016-1240) CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation

Source: XF
Type: UNKNOWN
apache-tomcat-cve20161240-priv-esc(117091)

Source: CCN
Type: Packet Storm Security [10-02-2016]
Apache Tomcat 8.0.36-2 Privilege Escalation

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-03-2016]

Source: security@debian.org
Type: UNKNOWN
security@debian.org

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-1240

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:apache:tomcat:7:*:*:*:*:*:*:*

OR cpe:/a:apache:tomcat:8.0:*:*:*:*:*:*:*

AND

cpe:/a:ibm:rational_build_forge:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_build_forge:8.0.0.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.cisecurity:def:1209	P	DSA-3669-1 -- tomcat7 -- security update	2016-11-10
oval:org.cisecurity:def:1202	P	DSA-3670-1 -- tomcat8 -- security update	2016-11-10
oval:com.ubuntu.artful:def:20161240000	V	CVE-2016-1240 on Ubuntu 17.10 (artful) - medium.	2016-10-03
oval:com.ubuntu.trusty:def:20161240000	V	CVE-2016-1240 on Ubuntu 14.04 LTS (trusty) - medium.	2016-10-03
oval:com.ubuntu.cosmic:def:201612400000000	V	CVE-2016-1240 on Ubuntu 18.10 (cosmic) - medium.	2016-10-03
oval:com.ubuntu.bionic:def:20161240000	V	CVE-2016-1240 on Ubuntu 18.04 LTS (bionic) - medium.	2016-10-03
oval:com.ubuntu.xenial:def:20161240000	V	CVE-2016-1240 on Ubuntu 16.04 LTS (xenial) - medium.	2016-10-03
oval:com.ubuntu.bionic:def:201612400000000	V	CVE-2016-1240 on Ubuntu 18.04 LTS (bionic) - medium.	2016-10-03
oval:com.ubuntu.cosmic:def:20161240000	V	CVE-2016-1240 on Ubuntu 18.10 (cosmic) - medium.	2016-10-03
oval:com.ubuntu.xenial:def:201612400000000	V	CVE-2016-1240 on Ubuntu 16.04 LTS (xenial) - medium.	2016-10-03
oval:com.ubuntu.precise:def:20161240000	V	CVE-2016-1240 on Ubuntu 12.04 LTS (precise) - medium.	2016-10-03

BACK