vulnerability
Red Hat: CVE-2016-6325: Important: tomcat security update ((Multiple Advisories))
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Oct 10, 2016 | Oct 21, 2016 | Jul 9, 2025 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Oct 10, 2016
Added
Oct 21, 2016
Modified
Jul 9, 2025
Description
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Solutions
no-fix-redhat-rpm-packageredhat-upgrade-tomcatredhat-upgrade-tomcat-admin-webappsredhat-upgrade-tomcat-docs-webappredhat-upgrade-tomcat-el-2-2-apiredhat-upgrade-tomcat-javadocredhat-upgrade-tomcat-jsp-2-2-apiredhat-upgrade-tomcat-jsvcredhat-upgrade-tomcat-libredhat-upgrade-tomcat-servlet-3-0-apiredhat-upgrade-tomcat-webappsredhat-upgrade-tomcat6redhat-upgrade-tomcat6-admin-webappsredhat-upgrade-tomcat6-docs-webappredhat-upgrade-tomcat6-el-2-1-apiredhat-upgrade-tomcat6-javadocredhat-upgrade-tomcat6-jsp-2-1-apiredhat-upgrade-tomcat6-libredhat-upgrade-tomcat6-servlet-2-5-apiredhat-upgrade-tomcat6-webapps
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.