Vulnerability CVE-2013-1976


Published: 2013-07-09

Description:
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Type:

CWE-59

(Improper Link Resolution Before File Access ('Link Following'))
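Worked example, added to this entry and not taken from the tomcat5/6/7 init scripts (whose exact commands this page does not reproduce): the shell pattern that produces a CWE-59 bug like the one described above, beside a hardened replacement. The function names, the log path and the owner argument are assumptions for illustration only.

```shell
#!/bin/sh
# Added illustration of the CWE-59 pattern behind CVE-2013-1976; not the
# Red Hat tomcat init scripts themselves. Function names, the log path and
# the owner passed in are assumptions chosen for this example.

# Vulnerable pattern: a script running as root prepares its log file by
# path. touch, chown and chmod all dereference symlinks, so a local user
# who can write to the log directory first plants
#     ln -s <file they do not own> "$log"
# and root then changes the owner (and mode) of that file, not the log.
prepare_log_vulnerable() {
    log="$1"; owner="$2"
    touch "$log"              # follows the link
    chown "$owner" "$log"     # follows the link: target ownership changes
    chmod 0644 "$log"         # follows the link: target mode changes
}

# Hardened pattern:
#   1. refuse an existing symlink outright (the CWE-59 check)
#   2. refuse anything that exists but is not a regular file
#   3. create a missing file with O_EXCL semantics (noclobber), so a link
#      raced in between the check and the create makes the create fail
#      instead of being followed
#   4. set ownership with chown -h, which never dereferences a link; the
#      mode comes from the umask at creation, so no chmod is needed
prepare_log_hardened() {
    log="$1"; owner="$2"
    if [ -L "$log" ]; then
        echo "refusing $log: it is a symlink" >&2
        return 1
    fi
    if [ -e "$log" ] && [ ! -f "$log" ]; then
        echo "refusing $log: not a regular file" >&2
        return 1
    fi
    if [ ! -e "$log" ]; then
        # umask 027 -> mode 0640; set -C makes '>' fail rather than
        # follow or overwrite an entry that appeared after the check
        ( umask 027 && set -C && : > "$log" ) || return 1
    fi
    chown -h "$owner" "$log" || return 1
}
```

Two caveats a practitioner should keep in mind. First, the hardened version avoids chmod entirely because GNU chmod has no equivalent of chown -h: setting the mode at creation time through the umask is the only way to keep that step from following a link. Second, these checks narrow the window but do not remove the root cause: if the service account owns the directory in which root later chowns by path, that account can always race the script. The durable fix is for root not to perform ownership changes by path inside a directory a less privileged user controls.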

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score:          6.9/10
Impact Subscore:          10/10
Exploitability Subscore:  3.4/10

Exploit range:            Local
Attack complexity:        Medium
Authentication:           Not required

Confidentiality impact:   Complete
Integrity impact:         Complete
Availability impact:      Complete
Affected software
Redhat -> Jboss enterprise web server
Redhat -> Enterprise linux

References:
http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
http://rhn.redhat.com/errata/RHSA-2013-0869.html
http://rhn.redhat.com/errata/RHSA-2013-0870.html
http://rhn.redhat.com/errata/RHSA-2013-0871.html
http://rhn.redhat.com/errata/RHSA-2013-0872.html
https://bugzilla.redhat.com/show_bug.cgi?id=927622

Copyright 2024, cxsecurity.com
