PT-2016-6422 · Apache · Apache Tomcat

Dawid Golunski · Published 2016-10-10 · Updated 2023-02-12 · CVE-2016-5425

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Tomcat as packaged for Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions that ship a tmpfiles.d fragment for Tomcat. The vulnerable package versions are not specified on this page; the flaw is in the distribution packaging, not in upstream Tomcat.
Description: The Tomcat package installs /usr/lib/tmpfiles.d/tomcat.conf with weak permissions: the file is owned by root but writable by the tomcat group. systemd-tmpfiles reads every fragment in the tmpfiles.d directories and applies its directives (creating, removing, and changing the owner and mode of files and directories) with root privileges. A local user who is a member of the tomcat group, including an attacker who has obtained code execution as the tomcat user through a vulnerable web application, can therefore add directives to the file and have them carried out as root the next time systemd-tmpfiles processes it, which yields root privileges.
Recommendations: Install the distribution's updated tomcat package; for RHEL 7 the fix is shipped in the erratum RHSA-2016:2046, and the matching CentOS, Oracle Linux and Mageia errata are listed under Related Identifiers below. Until the update is applied, make /usr/lib/tmpfiles.d/tomcat.conf (and any copy under /etc/tmpfiles.d) owned by root:root with mode 0644, and restrict membership of the tomcat group to the service account itself.
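The check a practitioner wants after reading the description above is a way to find every tmpfiles.d fragment that a non-root user could edit, plus the one-line fix. The script below is an added example written for this page; it is not code from the original advisory, from Positive Technologies, or from any distribution package. It assumes a Linux host with GNU findutils and coreutils (the -perm / and -printf options are GNU extensions), and the directory list and the audit_tmpfiles_dir / harden_tmpfiles_conf function names are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original advisory): audit systemd tmpfiles.d
# directories for fragments writable by someone other than root, and restore
# safe ownership and mode on a fragment.
#
# systemd-tmpfiles applies every *.conf it finds in these directories with root
# privileges, so a fragment that is group- or world-writable (the vulnerable
# package shipped tomcat.conf as root:tomcat with group write) lets a member of
# that group stage directives that are then executed as root.

# Print "<octal mode> <owner>:<group> <path>" for every *.conf directly inside
# the given directories whose mode has the group-write (020) or other-write
# (002) bit set. Directories that do not exist are skipped.
audit_tmpfiles_dir() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -perm /022 matches if ANY of the listed permission bits is set.
        find "$dir" -maxdepth 1 -type f -name '*.conf' -perm /022 \
            -printf '%m %u:%g %p\n'
    done
    return 0
}

# Restore the safe state for one fragment: mode 0644, owned by root:root.
# chown requires root, so it is only attempted when running as uid 0.
harden_tmpfiles_conf() {
    f=$1
    [ -f "$f" ] || return 1
    chmod 0644 "$f" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$f" || return 1
    fi
    return 0
}

# Stand-alone run: report every writable fragment in the standard locations.
# An empty report means no fragment is group- or world-writable.
audit_tmpfiles_dir /usr/lib/tmpfiles.d /etc/tmpfiles.d /run/tmpfiles.d
```

Run it as any user to get the report; run harden_tmpfiles_conf on each reported path as root to apply the fix. Note that the audit only covers the write bits; a fragment owned by a non-root user (or by a service group with a loose umask on the package's own updates) is also worth reviewing, so compare the printed owner:group column against root:root as well.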

Exploit

Weakness Enumeration

CWE-276: Incorrect Default Permissions

Related Identifiers

CESA-2016_2046
CVE-2016-5425
ELSA-2016-2046
MGASA-2016-0367
RHSA-2016:2046

Affected Products

Apache Tomcat
CentOS
Red Hat