The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | - (including) | - (including) |
Red Hat Enterprise Linux 6 | RedHat | tomcat6-0:6.0.24-98.el6_8 | * |
Red Hat Enterprise Linux 7 | RedHat | tomcat-0:7.0.54-8.el7_2 | * |
Red Hat JBoss Web Server 3.1 | RedHat | * | |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | jbcs-httpd24-0:1-3.jbcs.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat7-0:7.0.70-16.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat8-0:8.0.36-17.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat-native-0:1.2.8-9.redhat_9.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 6 | RedHat | tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | jbcs-httpd24-0:1-3.jbcs.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat7-0:7.0.70-16.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat8-0:8.0.36-17.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat-native-0:1.2.8-9.redhat_9.ep7.el7 | * |
Red Hat JBoss Web Server 3 for RHEL 7 | RedHat | tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7 | * |