CVE-2013-1976

medium

Description

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

References

http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html

http://rhn.redhat.com/errata/RHSA-2013-0869.html

http://rhn.redhat.com/errata/RHSA-2013-0870.html

http://rhn.redhat.com/errata/RHSA-2013-0871.html

http://rhn.redhat.com/errata/RHSA-2013-0872.html

https://bugzilla.redhat.com/show_bug.cgi?id=927622

Details

Source: MITRE

Published: 2013-07-09

Updated: 2019-04-22

Type: CWE-59

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 76236 | RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0871) | Nessus | Red Hat Local Security Checks | medium |
| 75107 | openSUSE Security Update : tomcat (openSUSE-SU-2013:1307-1) | Nessus | SuSE Local Security Checks | medium |
| 75106 | openSUSE Security Update : tomcat (openSUSE-SU-2013:1306-1) | Nessus | SuSE Local Security Checks | medium |
| 72595 | Mandriva Linux Security Advisory : tomcat6 (MDVSA-2014:042) | Nessus | Mandriva Local Security Checks | medium |
| 69754 | Amazon Linux AMI : tomcat6 (ALAS-2013-196) | Nessus | Amazon Linux Local Security Checks | medium |
| 69458 | SuSE 11.2 / 11.3 Security Update : tomcat6 (SAT Patch Numbers 8155 / 8156) | Nessus | SuSE Local Security Checks | medium |
| 68828 | Oracle Linux 5 : tomcat5 (ELSA-2013-0870) | Nessus | Oracle Linux Local Security Checks | medium |
| 68827 | Oracle Linux 6 : tomcat6 (ELSA-2013-0869) | Nessus | Oracle Linux Local Security Checks | medium |
| 66690 | RHEL 5 / 6 : tomcat5 and tomcat6 (RHSA-2013:0872) | Nessus | Red Hat Local Security Checks | medium |
| 66675 | CentOS 5 : tomcat5 (CESA-2013:0870) | Nessus | CentOS Local Security Checks | medium |
| 66674 | CentOS 6 : tomcat6 (CESA-2013:0869) | Nessus | CentOS Local Security Checks | medium |
| 66665 | Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20130528) | Nessus | Scientific Linux Local Security Checks | medium |
| 66664 | Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130528) | Nessus | Scientific Linux Local Security Checks | medium |
| 66661 | RHEL 5 : tomcat5 (RHSA-2013:0870) | Nessus | Red Hat Local Security Checks | medium |
| 66660 | RHEL 6 : tomcat6 (RHSA-2013:0869) | Nessus | Red Hat Local Security Checks | medium |