module
Apache Tomcat on Ubuntu Log Init Privilege Escalation
| Disclosed | Created |
|---|---|
| Sep 30, 2016 | Feb 6, 2023 |
Disclosed
Sep 30, 2016
Created
Feb 6, 2023
Description
Tomcat (6, 7, 8) packages provided by default repositories on Debian-based
distributions (including Debian, Ubuntu etc.) provide a vulnerable
tomcat init script that allows local attackers who have already gained access
to the tomcat account (for example, by exploiting an RCE vulnerability
in a java web application hosted on Tomcat, uploading a webshell etc.) to
escalate their privileges from tomcat user to root and fully compromise the
target system.
Tested against Tomcat 8.0.32-1ubuntu1.1 on Ubuntu 16.04
distributions (including Debian, Ubuntu etc.) provide a vulnerable
tomcat init script that allows local attackers who have already gained access
to the tomcat account (for example, by exploiting an RCE vulnerability
in a java web application hosted on Tomcat, uploading a webshell etc.) to
escalate their privileges from tomcat user to root and fully compromise the
target system.
Tested against Tomcat 8.0.32-1ubuntu1.1 on Ubuntu 16.04
Authors
h00die
Dawid Golunski [email protected]
Dawid Golunski [email protected]
Platform
Linux
Architectures
x86, x64, python
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.