CVE-2016-5425
HIGH
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
Title source: metasploit
Description
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Exploits (2)
References (10)
Scores
CVSS v3: 7.8
EPSS: 0.1155
EPSS Percentile: 93.7%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-276
Status: published
Products (1): apache/tomcat
Published: Oct 13, 2016
Tracked Since: Feb 18, 2026