High severity (7.8) · NVD Advisory · Published Oct 13, 2016 · Updated May 6, 2026
CVE-2016-5425
Description
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Patches
No patches discovered yet.
References
- legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html (nvd: Exploit, Third Party Advisory)
- packetstormsecurity.com/files/139041/Apache-Tomcat-8-7-6-Privilege-Escalation.html (nvd: Exploit, Third Party Advisory, VDB Entry)
- rhn.redhat.com/errata/RHSA-2016-2046.html (nvd: Third Party Advisory)
- www.openwall.com/lists/oss-security/2016/10/10/2 (nvd: Mailing List, Third Party Advisory)
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html (nvd: Third Party Advisory)
- www.securityfocus.com/bid/93472 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1036979 (nvd: Third Party Advisory, VDB Entry)
- www.exploit-db.com/exploits/40488/ (nvd: Third Party Advisory, VDB Entry)
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (nvd: Third Party Advisory)
- lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E (nvd)