PT-2016-7818 · Apache · Apache Tomcat
Paul Szabo · Published 2016-12-02 · Updated 2018-08-02
CVE-2016-9774
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
tomcat6 versions 6.0.35 through 6.0.44
tomcat6 version 6.0.45+dfsg-1~deb7u3 and earlier
tomcat7 versions 7.0.28 through 7.0.52
tomcat7 version 7.0.56-3+deb8u5 and earlier
tomcat8 versions 8.0.14 through 8.0.32
tomcat8 version 8.0.37-1ubuntu0.1 and earlier
tomcat8 version 8.0.38-2ubuntu0 and earlier
Description
The issue might allow local users with access to the tomcat account to obtain sensitive information or gain root privileges via a symlink attack on the Catalina localhost directory.
Recommendations
For tomcat6 versions 6.0.35 through 6.0.44, update to version 6.0.45+dfsg-1~deb7u4 or later.
For tomcat6 version 6.0.45+dfsg-1~deb7u3 and earlier, update to version 6.0.45+dfsg-1~deb7u4 or later.
For tomcat7 versions 7.0.28 through 7.0.52, update to version 7.0.56-3+deb8u6 or later.
For tomcat7 version 7.0.56-3+deb8u5 and earlier, update to version 7.0.56-3+deb8u6 or later.
For tomcat8 versions 8.0.14 through 8.0.32, update to version 8.0.32-1ubuntu1.3 or later.
For tomcat8 version 8.0.37-1ubuntu0.1 and earlier, update to version 8.0.37-1ubuntu0.1 or later.
For tomcat8 version 8.0.38-2ubuntu0 and earlier, update to version 8.0.38-2ubuntu1 or later.
Fix
Link Following
Weakness Enumeration
Related Identifiers
Affected Products
Apache Tomcat
Ubuntu