Privilege escalation in Oracle products - CVE-2016-0714

 


Published: August 5, 2016 / Updated: January 11, 2017


Vulnerability identifier: #VU264
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0714
CWE-ID: CWE-94
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apache Foundation, Oracle
Affected software:
Apache Tomcat
Oracle Solaris
Oracle Linux
Oracle Transportation Management
Virtual Desktop Infrastructure

Detailed vulnerability description

The vulnerability allows a local attacker to bypass security manager restrictions.

A local attacker who controls a web application can abuse the functionality of StandardManager and PersistentManager to gain control over session persistence, whether sessions are stored in files, in a database or in a custom Store. Since session persistence is performed by Tomcat code with the permissions assigned to Tomcat internal code, the attacker can place a specially crafted object into a session and execute arbitrary code on the vulnerable system with elevated privileges.

Successful exploitation of the vulnerability may allow a local attacker to gain elevated privileges on the system.



How to mitigate CVE-2016-0714

Install the latest version of Apache Tomcat: 6.0.45, 7.0.68, 8.0.32 or 9.0.0.M3.
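To triage an inventory against the fixed releases listed above, the following added example (not part of the original advisory or of Tomcat) compares reported Tomcat versions with the fixed release of their branch, including the 9.0.0 milestone naming. The host names and banners are constructed sample data; branches the advisory does not list return no verdict.

```python
import re

# Fixed releases per branch, copied from the mitigation line above.
FIXED = {"6.0": "6.0.45", "7.0": "7.0.68", "8.0": "8.0.32", "9.0": "9.0.0.M3"}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-](M|RC)(\d+))?$", re.I)
_BANNER = re.compile(r"Apache Tomcat/(\S+)")
_STAGE = {"M": 0, "RC": 1, None: 2}  # milestone < release candidate < final


def parse(version):
    """Turn '9.0.0.M3' or '8.0.30' into a tuple that sorts in release order."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, tag, tag_no = m.groups()
    stage = _STAGE[tag.upper() if tag else None]
    return (int(major), int(minor), int(patch), stage, int(tag_no or 0))


def needs_update(version):
    """True: below the fixed release. False: at or above it.
    None: branch not listed in the advisory, so no verdict is given."""
    key = parse(version)
    fixed = FIXED.get(f"{key[0]}.{key[1]}")
    return None if fixed is None else key < parse(fixed)


def audit(inventory):
    """Return {host: verdict} for banners like 'Apache Tomcat/8.0.30'."""
    report = {}
    for host, banner in inventory:
        m = _BANNER.search(banner)
        try:
            report[host] = needs_update(m.group(1)) if m else None
        except ValueError:
            report[host] = None  # version string present but not parseable
    return report


# Constructed inventory (hypothetical hosts), not data from the advisory.
SAMPLE = [
    ("app01.example.internal", "Server version: Apache Tomcat/8.0.30"),
    ("app02.example.internal", "Server version: Apache Tomcat/7.0.68"),
    ("app03.example.internal", "Server version: Apache Tomcat/9.0.0.M1"),
    ("app04.example.internal", "Server version: Apache Tomcat/8.5.4"),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(host, {True: "UPDATE", False: "ok", None: "not covered"}[verdict])
```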
