← back
CVE-2016-5425

CVE-2016-5425

EPSS 3.8%
Vexday Risk Score
38Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 3.8%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
10 Oct 2016Metasploit module available
10 Oct 2016Public PoC
13 Oct 2016Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.