PT-2013-3499 · Apache · Apache Tomcat

Simon Fayer · Published 2013-05-28 · Updated 2024-06-15 · CVE-2013-1976

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
- Tomcat versions in JBoss Enterprise Web Server 1.0.2 and 2.0.0
- Tomcat versions in Red Hat Enterprise Linux 5 and 6

Description: The issue allows local users to change the ownership of arbitrary files via a symlink attack on log files, including tomcat5-initd.log, tomcat6-initd.log, catalina.out, or tomcat7-initd.log.

Recommendations: For the affected Tomcat versions in JBoss Enterprise Web Server 1.0.2 and 2.0.0 and in Red Hat Enterprise Linux 5 and 6, restrict access to the log files so that unprivileged local users cannot replace them with symlinks. As a temporary workaround until a patch is available, consider setting the log files to immutable to prevent changes.

Fix

Weakness Enumeration

Link Following

Related Identifiers

CESA-2013_0869
CVE-2013-1976
MGASA-2014-0082
OPENSUSE-SU-2024:10153-1
OPENSUSE-SU-2024:10446-1
OPENSUSE-SU-2024:13441-1
RHSA-2013:0869
RHSA-2013:0870
RHSA-2013:0871
RHSA-2013:0872
RHSA-2013_0869
RHSA-2013_0870
SUSE-RU-2023:3956-1
SUSE-RU-2023:4991-1

Affected Products

Centos
Jboss Enterprise Web Server
Red Hat
Suse
Apache Tomcat