1. Home
  2. CVE Database
  3. CVE-2016-6325
HIGH · 7.8

CVE-2016-6325

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allo...

Vulnerability Description

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ApacheTomcat-
RedhatJboss Enterprise Web Server2.0.0
RedhatJboss Web Server3.0
RedhatEnterprise Linux5.0
RedhatEnterprise Linux Desktop6.0
RedhatEnterprise Linux Hpc Node6.0
RedhatEnterprise Linux Hpc Node Eus7.2
RedhatEnterprise Linux Server6.0
RedhatEnterprise Linux Server Aus7.2
RedhatEnterprise Linux Server Eus7.2
RedhatEnterprise Linux Workstation6.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2016-6325?

CVE-2016-6325 is a vulnerability with a CVSS score of 7.8 (HIGH). The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allo...

How severe is CVE-2016-6325?

CVE-2016-6325 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-6325?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat, Redhat Jboss Enterprise Web Server, Redhat Jboss Web Server, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop.