vulnerability

Amazon Linux AMI: CVE-2016-6325: Security patch for tomcat6, tomcat7, tomcat8 (ALAS-2016-764)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Oct 13, 2016	Nov 11, 2016	Apr 16, 2020

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Oct 13, 2016

Added

Nov 11, 2016

Modified

Apr 16, 2020

Description

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Solution(s)

amazon-linux-upgrade--tomcat7amazon-linux-upgrade--tomcat8amazon-linux-upgrade-tomcat6

References

REDHAT-RHSA-2016:2045
REDHAT-RHSA-2016:2046
REDHAT-RHSA-2017:0455
REDHAT-RHSA-2017:0456
REDHAT-RHSA-2017:0457
AMAZON-ALAS-2016-764
BID-93478
NVD-CVE-2016-6325

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today