PT-2016-4663 · Apache+1 · Apache Tomcat+1

Dawid Golunski

Published

2016-09-15

Updated

2023-02-06

CVE-2016-1240

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions prior to 7.0.56-3+deb8u4 Apache Tomcat versions prior to 8.0.14-1+deb8u3 Apache Tomcat 6 versions prior to 6.0.35-1ubuntu3.8 Apache Tomcat 7 versions prior to 7.0.52-1ubuntu0.7 Apache Tomcat 8 versions prior to 8.0.32-1ubuntu1.2

Description The issue allows local users with access to the Tomcat account to gain root privileges via a symlink attack on the Catalina log file. This can be demonstrated by an attack on the /var/log/tomcat7/catalina.out file.

Recommendations For Apache Tomcat 6, update to version 6.0.35-1ubuntu3.8 or later. For Apache Tomcat 7 on Debian jessie, update to version 7.0.56-3+deb8u4 or later. For Apache Tomcat 7 on Ubuntu 14.04 LTS, update to version 7.0.52-1ubuntu0.7 or later. For Apache Tomcat 8 on Debian jessie, update to version 8.0.14-1+deb8u3 or later. For Apache Tomcat 8 on Ubuntu 16.04 LTS, update to version 8.0.32-1ubuntu1.2 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-1240

DLA-622-1

DLA-623-1

DSA-3669-1

DSA-3670-1

RHSA-2017:0455

RHSA-2017:0456

USN-3081-1

USN-3081-2

Affected Products

Apache Tomcat

Ubuntu

PT-2016-4663 · Apache+1 · Apache Tomcat+1

CVE-2016-1240

Weakness Enumeration

Related Identifiers

Affected Products

References · 27