PT-2004-2366 · Apache · Apache Tomcat

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1452

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions prior to 5.0.27-r3
Description: The issue allows local users in the tomcat group to execute arbitrary commands as root by modifying the init scripts, which are executed with root privileges despite being owned by the tomcat user and group.
Recommendations: For versions prior to 5.0.27-r3, update to version 5.0.27-r3 or later to resolve the issue. As a temporary workaround, consider restricting write access to the init scripts to prevent modification by local users in the tomcat group.
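
A check for the condition described above, as an added example that is not part of the original advisory: it flags scripts that root executes but that a non-root owner, group or any local user can modify. The function name, the expected-UID parameter and any paths passed in are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit scripts that root executes,
# such as init scripts, for ownership or modes that let a non-root account
# modify them. Function name and parameters are assumptions of this example.

# audit_script FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, i.e. root)
# Prints one finding per problem. Returns 0 if clean, 1 on findings, 2 if missing.
audit_script() {
    file=$1
    want_uid=${2:-0}
    [ -e "$file" ] || { echo "MISSING $file"; return 2; }

    # ls -n gives numeric ids, -L follows symlinks, -d keeps directories as-is.
    # Fields read: mode string, link count, owner uid, group gid.
    read -r mode links uid gid rest <<EOF
$(ls -lndL -- "$file")
EOF
    rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER $file: uid $uid, expected $want_uid"; rc=1
    fi
    case $mode in
        ?????w*) echo "GROUP-WRITABLE $file: gid $gid can modify it"; rc=1 ;;
    esac
    case $mode in
        ????????w*) echo "WORLD-WRITABLE $file: any local user can modify it"; rc=1 ;;
    esac
    return $rc
}

# When run with file arguments, audit each one and exit non-zero on any finding.
if [ $# -gt 0 ]; then
    status=0
    for f in "$@"; do
        audit_script "$f" || status=1
    done
    exit $status
fi
```

Pass the init script paths used on the host as arguments; a clean result means each file is owned by root and writable only by its owner.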


Related identifiers

CVE-2004-1452

Affected products

Apache Tomcat