Vulnerability Name: CVE-2016-5425 (CCN-117580)
Assigned: 2016-10-10
Published: 2016-10-10
Updated: 2023-02-12

Summary: The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. The file is a systemd-tmpfiles(8) configuration fragment that systemd-tmpfiles processes as root, so a member of the tomcat group who can write to it can have root create, remove or re-permission paths of the attacker's choosing (see the Red Hat Bugzilla entry in the references, "Local privilege escalation via systemd-tmpfiles service").

CVSS v3 Severity:
  7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
  7.2 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): Low; User Interaction (UI): None
    Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

  8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  7.8 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
    Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

  7.0 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
  6.5 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
    Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): High; Privileges Required (PR): Low; User Interaction (UI): None
    Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

CVSS v2 Severity:
  7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

  7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

  6.9 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
    Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Medium; Authentication (Au): None
    Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
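The check a practitioner would want on a host that shipped this package, added here as an example that is not code from the advisory, from Red Hat or from the Tomcat project: a POSIX shell audit that walks the systemd-tmpfiles search path and reports any *.conf fragment whose mode lets group or others write to it, which is the condition the summary describes. The directory list is the standard systemd-tmpfiles search path (an assumption that the host runs systemd); the sandbox directory, file names and fragment text in the demo are constructed for illustration and are not the real tomcat.conf contents.

```shell
#!/bin/sh
# Added example, not from the advisory or the Tomcat/Red Hat packages.
# systemd-tmpfiles applies every *.conf under the tmpfiles.d directories as
# root, so a fragment that a non-root group can edit is a root privilege
# escalation primitive. CVE-2016-5425 was a group-writable
# /usr/lib/tmpfiles.d/tomcat.conf; the file can be root-owned and still be
# group-writable, which is why the audit below looks at mode bits, not owner.

# Standard systemd-tmpfiles search path (assumption: a systemd host).
TMPFILES_DIRS="/etc/tmpfiles.d /run/tmpfiles.d /usr/lib/tmpfiles.d"

# weak_tmpfiles_conf DIR...: print every *.conf directly under DIR(s) whose
# mode grants write access to group or others, one path per line.
# Returns 0 when nothing was found, 1 when at least one weak file exists.
weak_tmpfiles_conf() {
    status=0
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # -perm -020: group write bit set; -perm -002: other write bit set.
            if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
                printf '%s\n' "$f"
                status=1
            fi
        done
    done
    return $status
}

# audit_host: run the check over the live search path (word-splitting of
# TMPFILES_DIRS is intentional). Not invoked automatically below.
audit_host() {
    weak_tmpfiles_conf $TMPFILES_DIRS
}

# demo_sandbox: constructed sandbox with one safe fragment and one in the
# weak (group-writable) shape. The fragment text is a placeholder written in
# tmpfiles.d syntax, not the real tomcat.conf.
demo_sandbox() {
    sandbox=$(mktemp -d)
    printf 'd /run/example 0755 example example -\n' > "$sandbox/ok.conf"
    cp "$sandbox/ok.conf" "$sandbox/weak.conf"
    chmod 0644 "$sandbox/ok.conf"    # only root can write: safe
    chmod 0664 "$sandbox/weak.conf"  # group can write: the CVE-2016-5425 shape
    if weak_tmpfiles_conf "$sandbox"; then
        echo "sandbox: no fragments writable by group or others"
    else
        echo "sandbox: the fragments above can be edited by non-root users"
    fi
    rm -rf "$sandbox"
}

demo_sandbox
```

Note that `rpm -V tomcat` does not catch this on a host still running the vulnerable build: it compares the on-disk mode with the mode recorded in the package header, and the weak mode is what the package recorded. The audit above checks the bits themselves, which is what systemd-tmpfiles acts on. The fix is the updated package (RHSA-2016-2046 in the references); a manual chmod 0644 on the file is a stopgap that the next package update will reset to whatever mode that package records.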
Vulnerability Type: CWE-284
Vulnerability Consequences: Gain Privileges

References:
  Source: MITRE; Type: CNA; CVE-2016-5425
  Source: CCN; Type: LegalHackers Web site; Apache Tomcat (packaging on RedHat-based distros) - Root Privilege Escalation
  Source: secalert@redhat.com; Type: Exploit, Third Party Advisory
  Source: secalert@redhat.com; Type: Exploit, Third Party Advisory, VDB Entry
  Source: CCN; Type: RHSA-2016-2046; Important: tomcat security update
  Source: secalert@redhat.com; Type: Third Party Advisory
  Source: CCN; Type: Apache Web site; Tomcat
  Source: CCN; Type: IBM Security Bulletin 1995528 (Rational Build Forge); Vulnerabilities in Apache Tomcat and OpenSSL affect Rational BuildForge
  Source: secalert@redhat.com; Type: Mailing List, Third Party Advisory
  Source: secalert@redhat.com; Type: Third Party Advisory
  Source: CCN; Type: BID-93472; Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
  Source: secalert@redhat.com; Type: Third Party Advisory, VDB Entry
  Source: secalert@redhat.com; Type: Third Party Advisory, VDB Entry
  Source: CCN; Type: Red Hat Bugzilla Bug 1362545 (CVE-2016-5425); CVE-2016-5425 tomcat: Local privilege escalation via systemd-tmpfiles service
  Source: XF; Type: UNKNOWN; apache-tomcat-cve20165425-priv-esc(117580)
  Source: secalert@redhat.com; Type: UNKNOWN
  Source: CCN; Type: Packet Storm Security [10-10-2016]; Apache Tomcat 8 / 7 / 6 Privilege Escalation
  Source: CCN; Type: Packet Storm Security [03-14-2023]; Apache Tomcat Privilege Escalation
  Source: EXPLOIT-DB; Type: EXPLOIT; Offensive Security Exploit Database [10-10-2016]
  Source: secalert@redhat.com; Type: Third Party Advisory, VDB Entry
  Source: CCN; Type: IBM Security Bulletin 3011649 (Resilient); Resilient is vulnerable to Using Components with Known Vulnerabilities
  Source: secalert@redhat.com; Type: Third Party Advisory
  Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2016-5425

Vulnerable Configuration:
  Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
  Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
  Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
  Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
  Configuration RedHat 5: cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
  Configuration CCN 1: cpe:/a:apache:tomcat:-:*:*:*:*:*:*:*
    AND any one of:
      cpe:/a:ibm:rational_build_forge:8.0:*:*:*:*:*:*:*
      cpe:/a:ibm:rational_build_forge:8.0.0.1:*:*:*:*:*:*:*
      cpe:/a:ibm:rational_build_forge:8.0.0.2:*:*:*:*:*:*:*
      cpe:/a:ibm:rational_build_forge:8.0.0.3:*:*:*:*:*:*:*
      cpe:/a:ibm:rational_build_forge:8.0.0.4:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_hpc_node_eus:7.2:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
      cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*