Home

CVE-2013-1976

Description

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.033

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-5.5.23-0jpp.40.el5_9.i386.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-5.5.23-0jpp.40.el5_9.x86_64.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.i386.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-admin-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-common-lib-5.5.23-0jpp.40.el5_9.i386.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-common-lib-5.5.23-0jpp.40.el5_9.x86_64.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-jasper-5.5.23-0jpp.40.el5_9.i386.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-jasper-5.5.23-0jpp.40.el5_9.x86_64.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.i386.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-jasper-javadoc-5.5.23-0jpp.40.el5_9.x86_64.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-server-lib-5.5.23-0jpp.40.el5_9.i386.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-server-lib-5.5.23-0jpp.40.el5_9.x86_64.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-webapps-5.5.23-0jpp.40.el5_9.i386.rpmLinux
(RHSA-2013:0870) Important: tomcat5 security update tomcat5-webapps-5.5.23-0jpp.40.el5_9.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234