Vulnerability in Redhat Enterprise_linux

CVE-2013-1976

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbit…

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

Affected products

Redhat Enterprise_linux — versions 5, 6.0
Redhat Jboss_enterprise_web_server — versions 1.0.2, 2.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

RHSA-2013:0871 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:0869 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2013:0870 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:0872 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
openSUSE-SU-2013:1306 (vendor-advisory, x_refsource_SUSE)