{
  "threat_severity" : "Important",
  "public_date" : "2016-10-10T00:00:00Z",
  "bugzilla" : {
    "description" : "tomcat: tomcat writable config files allow privilege escalation",
    "id" : "1367447",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1367447"
  },
  "cvss" : {
    "cvss_base_score" : "6.9",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-284",
  "details" : [ "The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.", "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges." ],
  "acknowledgement" : "This issue was discovered by Red Hat Product Security.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-10-10T00:00:00Z",
    "advisory" : "RHSA-2016:2045",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "tomcat6-0:6.0.24-98.el6_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-10T00:00:00Z",
    "advisory" : "RHSA-2016:2046",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "tomcat-0:7.0.54-8.el7_2",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3.1",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0457",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "jbcs-httpd24-0:1-3.jbcs.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "tomcat7-0:7.0.70-16.ep7.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "tomcat8-0:8.0.36-17.ep7.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "tomcat-native-0:1.2.8-9.redhat_9.ep7.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 6",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0455",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6",
    "package" : "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "hibernate4-eap6-0:4.2.23-1.Final_redhat_1.1.ep6.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "jbcs-httpd24-0:1-3.jbcs.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "jbcs-httpd24-apache-commons-daemon-0:1.0.15-1.redhat_2.1.jbcs.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "jbcs-httpd24-apache-commons-daemon-jsvc-1:1.0.15-17.redhat_2.jbcs.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "mod_cluster-0:1.3.5-2.Final_redhat_2.1.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "tomcat7-0:7.0.70-16.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "tomcat8-0:8.0.36-17.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "tomcat-native-0:1.2.8-9.redhat_9.ep7.el7"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3 for RHEL 7",
    "release_date" : "2017-03-07T00:00:00Z",
    "advisory" : "RHSA-2017:0456",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7",
    "package" : "tomcat-vault-0:1.0.8-9.Final_redhat_2.1.ep7.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "tomcat5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 2",
    "fix_state" : "Will not fix",
    "package_name" : "tomcat",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 3",
    "fix_state" : "Fix deferred",
    "package_name" : "tomcat",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-6325\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6325" ],
  "name" : "CVE-2016-6325",
  "csaw" : false
}