CVE-2016-6325

NameCVE-2016-6325
DescriptionThe Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tomcat6source(unstable)(not affected)
tomcat7source(unstable)(not affected)
tomcat8source(unstable)(not affected)

Notes

- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
https://bugzilla.redhat.com/show_bug.cgi?id=1367447

Search for package or bug name: Reporting problems