Vulnerability Description
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Web Server | 1.0.2 |
| Redhat | Enterprise Linux | 5 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-0869.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0870.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0871.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0872.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=927622Vendor Advisory
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2013-0869.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0870.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0871.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0872.htmlVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=927622Vendor Advisory
FAQ
What is CVE-2013-1976?
CVE-2013-1976 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local...
How severe is CVE-2013-1976?
CVE-2013-1976 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1976?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Web Server, Redhat Enterprise Linux.