CVE-2016-1240: Input Validation
First published: Thu Sep 15 2016(Updated: )
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
Credit: security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/tomcat6 | ||
| redhat/hibernate4-eap6 | <0:4.2.23-1.Final_redhat_1.1.ep6.el6 | 0:4.2.23-1.Final_redhat_1.1.ep6.el6 |
| redhat/jbcs-httpd24 | <0:1-3.jbcs.el6 | 0:1-3.jbcs.el6 |
| redhat/jbcs-httpd24-apache-commons-daemon | <0:1.0.15-1.redhat_2.1.jbcs.el6 | 0:1.0.15-1.redhat_2.1.jbcs.el6 |
| redhat/jbcs-httpd24-apache-commons-daemon-jsvc | <1:1.0.15-17.redhat_2.jbcs.el6 | 1:1.0.15-17.redhat_2.jbcs.el6 |
| redhat/tomcat7 | <0:7.0.70-16.ep7.el6 | 0:7.0.70-16.ep7.el6 |
| redhat/tomcat8 | <0:8.0.36-17.ep7.el6 | 0:8.0.36-17.ep7.el6 |
| redhat/tomcat-native | <0:1.2.8-9.redhat_9.ep7.el6 | 0:1.2.8-9.redhat_9.ep7.el6 |
| redhat/tomcat-vault | <0:1.0.8-9.Final_redhat_2.1.ep7.el6 | 0:1.0.8-9.Final_redhat_2.1.ep7.el6 |
| redhat/hibernate4-eap6 | <0:4.2.23-1.Final_redhat_1.1.ep6.el7 | 0:4.2.23-1.Final_redhat_1.1.ep6.el7 |
| redhat/jbcs-httpd24 | <0:1-3.jbcs.el7 | 0:1-3.jbcs.el7 |
| redhat/jbcs-httpd24-apache-commons-daemon | <0:1.0.15-1.redhat_2.1.jbcs.el7 | 0:1.0.15-1.redhat_2.1.jbcs.el7 |
| redhat/jbcs-httpd24-apache-commons-daemon-jsvc | <1:1.0.15-17.redhat_2.jbcs.el7 | 1:1.0.15-17.redhat_2.jbcs.el7 |
| redhat/tomcat7 | <0:7.0.70-16.ep7.el7 | 0:7.0.70-16.ep7.el7 |
| redhat/tomcat8 | <0:8.0.36-17.ep7.el7 | 0:8.0.36-17.ep7.el7 |
| redhat/tomcat-native | <0:1.2.8-9.redhat_9.ep7.el7 | 0:1.2.8-9.redhat_9.ep7.el7 |
| redhat/tomcat-vault | <0:1.0.8-9.Final_redhat_2.1.ep7.el7 | 0:1.0.8-9.Final_redhat_2.1.ep7.el7 |
| Tomcat | =6.0 | |
| Tomcat | =7.0 | |
| Tomcat | =8.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Debian Linux | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html
- http://packetstormsecurity.com/files/170857/Apache-Tomcat-On-Ubuntu-Log-Init-Privilege-Escalation.html
- http://rhn.redhat.com/errata/RHSA-2017-0457.html
- http://www.debian.org/security/2016/dsa-3669
- http://www.debian.org/security/2016/dsa-3670
- http://www.securityfocus.com/archive/1/539519/100/0/threaded
- http://www.securityfocus.com/bid/93263
- http://www.securitytracker.com/id/1036845
- http://www.ubuntu.com/usn/USN-3081-1
- https://access.redhat.com/errata/RHSA-2017:0455
- https://access.redhat.com/errata/RHSA-2017:0456
- https://security.gentoo.org/glsa/201705-09
- https://security.netapp.com/advisory/ntap-20180731-0002/
- https://www.exploit-db.com/exploits/40450/
- http://seclists.org/bugtraq/2016/Sep/26
- https://www.debian.org/security/2016/dsa-3669
- https://www.debian.org/security/2016/dsa-3670
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1201569&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1201569&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1201570&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1201570&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1376716
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1376718
- http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt
- https://rhn.redhat.com/errata/RHSA-2017-0457.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1470472
- https://bugzilla.redhat.com/show_bug.cgi?id=1376712
- https://www.cve.org/CVERecord?id=CVE-2016-1240 https://nvd.nist.gov/vuln/detail/CVE-2016-1240 http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.txt
- https://access.redhat.com/errata/RHSA-2017:0457
- https://access.redhat.com/security/cve/CVE-2016-1240
- https://security-tracker.debian.org/tracker/CVE-2016-1240
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2016-1240?
CVE-2016-1240 is classified with high severity due to the potential for root privilege escalation.
How do I fix CVE-2016-1240?
To fix CVE-2016-1240, update the affected Tomcat packages to the latest versions provided by your distribution.
Which versions of Tomcat are affected by CVE-2016-1240?
CVE-2016-1240 affects Tomcat versions before 6.0.35, 7.0.56, and 8.0.14.
What platforms are impacted by CVE-2016-1240?
CVE-2016-1240 impacts Debian Jessie and Ubuntu 12.04 LTS, among others.
Is CVE-2016-1240 an exploit in Tomcat's init script?
Yes, CVE-2016-1240 is a vulnerability in the Tomcat init script that allows for privilege escalation.
- collector/security-tracker-debian
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-1240
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- package-manager/redhat
- vendor/apache
- canonical/tomcat
- version/tomcat/6.0
- version/tomcat/7.0
- version/tomcat/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/16.04
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0