Privilege Escalation Vulnerability in Tomcat Package on Linux Distributions

CVE-2016-5425 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
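A host-side check for the condition described above, given as an added example and not taken from the advisory or any vendor tooling. It assumes "weak permissions" means a tmpfiles.d entry that is group- or other-writable, or not owned by root; the function name audit_tmpfiles and the sample file contents in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag tmpfiles.d entries that a non-root account could modify.
# systemd-tmpfiles processes these files as root, so every *.conf under
# /usr/lib/tmpfiles.d should be root-owned and writable only by its owner.

# Usage: audit_tmpfiles DIR [EXPECTED_OWNER]
#   DIR             directory holding tmpfiles.d snippets
#   EXPECTED_OWNER  user name or numeric uid that should own them (default: root)
# Prints an "ls -ln" line per offending file.
# Returns 0 if clean, 1 if any file is flagged, 2 if DIR is not a directory.
audit_tmpfiles() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_tmpfiles: not a directory: $dir" >&2
        return 2
    fi

    # -perm -020 : group-write bit set (the tomcat group case in the advisory)
    # -perm -002 : other-write bit set
    # ! -user    : owned by someone other than the expected account
    hits=$(find "$dir" -type f -name '*.conf' \
        \( -perm -020 -o -perm -002 -o ! -user "$owner" \) \
        -exec ls -ln {} \;)

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Typical invocation on a host that ships the package:
#   audit_tmpfiles /usr/lib/tmpfiles.d
# A line such as
#   -rw-rw-r-- 1 0 91 ... /usr/lib/tmpfiles.d/tomcat.conf   (constructed sample)
# means the owning group can write to the file.
```

A flagged file is corrected by restoring root ownership and mode 0644, or by installing the distribution's fixed package.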
