CVE-2016-1240

Published on: 10/03/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:05 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Tomcat from Apache contain the following vulnerability:

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.

  • CVE-2016-1240 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 7.2 - HIGH

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

CVE References

  • REDHAT RHSA-2017:0455: Red Hat Customer Portal (access.redhat.com)
  • REDHAT RHSA-2017:0457: Red Hat Customer Portal (web.archive.org)
  • EXPLOIT-DB 40450: Exploit – Page 40450 – Exploits Database (www.exploit-db.com). Tags: Proof of Concept
  • DEBIAN DSA-3669: Debian -- Security Information -- DSA-3669-1 tomcat7 (www.debian.org). Tags: Third Party Advisory
  • BID 93263: Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability (cve.report, archive)
  • MISC legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html: Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240 (legalhackers.com)
  • REDHAT RHSA-2017:0456: Red Hat Customer Portal (access.redhat.com)
  • CONFIRM security.netapp.com/advisory/ntap-20180731-0002/: November 2017 Apache Tomcat Vulnerabilities in NetApp Products | NetApp Product Security (security.netapp.com)
  • SECTRACK 1036845: Apache Tomcat Unsafe chown Command in init Script Lets Local Users Obtain Root Privileges - SecurityTracker (www.securitytracker.com). Tags: Third Party Advisory, VDB Entry
  • UBUNTU USN-3081-1: USN-3081-1: Tomcat vulnerability | Ubuntu (www.ubuntu.com). Tags: Third Party Advisory
  • GENTOO GLSA-201705-09: Apache Tomcat: Multiple vulnerabilities (GLSA 201705-09) — Gentoo Security (security.gentoo.org)
  • BUGTRAQ 20161001 CVE-2016-1240 - Tomcat packaging on Debian-based distros - Local Root Privilege Escalation: SecurityFocus (web.archive.org)
  • DEBIAN DSA-3670: Debian -- Security Information -- DSA-3670-1 tomcat8 (www.debian.org). Tags: Third Party Advisory

Exploit/POC from Github

CVE-2016-1240 exploit and patch

Known Affected Configurations (CPE V2.3)

Type              Vendor     Product       Version  Update  Edition  Language
Application       Apache     Tomcat        6.0      All     All      All
Application       Apache     Tomcat        7.0      All     All      All
Application       Apache     Tomcat        8.0      All     All      All
Operating System  Canonical  Ubuntu Linux  12.04    All     All      All
Operating System  Canonical  Ubuntu Linux  14.04    All     All      All
Operating System  Canonical  Ubuntu Linux  16.04    All     All      All
Operating System  Debian     Debian Linux  8.0      All     All      All

  • cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:tomcat:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*