Unrated severityNVD Advisory· Published Jul 9, 2013· Updated Apr 29, 2026

CVE-2013-1976

Description

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Affected products

Red Hat/Jboss Enterprise Web Server2 versions
cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-0869.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0870.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0871.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2013-0872.htmlnvdVendor Advisory
bugzilla.redhat.com/show_bug.cginvdVendor Advisory
lists.opensuse.org/opensuse-updates/2013-08/msg00013.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000