PT-2004-2366 · Apache · Apache Tomcat

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1452

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions prior to 5.0.27-r3
Description: The issue allows local users in the tomcat group to execute arbitrary commands as root by modifying the init scripts, which are executed with root privileges despite being owned by the tomcat user and group.
Recommendations: For versions prior to 5.0.27-r3, update to version 5.0.27-r3 or later to resolve the issue. As a temporary workaround, consider restricting write access to the init scripts to prevent modification by local users in the tomcat group.
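
One way to check for the condition the workaround addresses, as an added example that is not part of the original advisory: the function lists init scripts (and their directories) that are not owned by the expected account or are writable by group or others. The default directory `/etc/init.d` and the function names `audit_init_scripts` and `init_scripts_ok` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find init scripts that a non-root account could modify.
#
# Usage: audit_init_scripts [DIR] [OWNER]
#   DIR    directory holding the init scripts
#          (assumed default: /etc/init.d; adjust for your system)
#   OWNER  account that should own them (default: root)
audit_init_scripts() {
    dir=${1:-/etc/init.d}
    owner=${2:-root}
    # A script that root executes must not be editable by anyone else.
    # Flag every file or directory that is:
    #   - not owned by OWNER, or
    #   - writable by its group (-perm -020), or
    #   - writable by others (-perm -002).
    # Directories are included because write access to a directory
    # allows replacing the scripts inside it.
    find "$dir" \( -type f -o -type d \) \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) -print
}

# Returns 0 when nothing is flagged, 1 otherwise, so the check can be
# used in a cron job or a configuration-compliance run.
init_scripts_ok() {
    [ -z "$(audit_init_scripts "$@")" ]
}
```

Any path the function prints should be re-owned to root and have group and other write permission removed, after confirming its contents have not been altered.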


Related Identifiers

CVE-2004-1452

Affected Products

Apache Tomcat