#VU264 Privilege escalation in Oracle products - CVE-2016-0714
Published: August 5, 2016 / Updated: January 11, 2017
Vulnerability identifier: #VU264
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0714
CWE-ID: CWE-94
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Apache Tomcat
Oracle Solaris
Oracle Linux
Oracle Transportation Management
Virtual Desktop Infrastructure
Software vendor:
Apache Foundation
Oracle
Description
The vulnerability allows a local attacker to bypass Security Manager restrictions.
A local attacker who controls a web application can abuse the functionality of StandardManager and PersistentManager to gain control over session persistence, whether sessions are stored in files, in a database or in a custom Store. Since session persistence is performed by Tomcat code with the permissions assigned to Tomcat internal code, the attacker can place a specially crafted object into a session and execute arbitrary code on the vulnerable system with elevated privileges.
Successful exploitation of the vulnerability may allow a local attacker to gain elevated privileges on the system.
Remediation
Install the latest version of Apache Tomcat: 6.0.45, 7.0.68, 8.0.32 or 9.0.0.M3.
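To check an installed instance against the fixed releases listed above, the following added example (not part of the original advisory or of Tomcat itself) parses a "Server version: Apache Tomcat/x.y.z" banner line and compares it with the fixed release of its branch, treating milestone builds such as 9.0.0.M1 as earlier than the final release. The function names and the sample banner are constructed for illustration.

```python
import re

# Fixed releases per major branch, taken from the Remediation section.
FIXED = {6: "6.0.45", 7: "7.0.68", 8: "8.0.32", 9: "9.0.0.M3"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")

# Constructed sample of a version banner (not captured from a real host).
SAMPLE_BANNER = "Server version: Apache Tomcat/7.0.67\nServer number:  7.0.67.0\n"


def parse_version(text):
    """Return a sortable tuple (major, minor, patch, milestone)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    # No milestone suffix means a final release, which sorts after every .Mn build.
    ms = int(milestone) if milestone is not None else float("inf")
    return (int(major), int(minor), int(patch), ms)


def extract_version(banner):
    """Pull the version string out of an 'Apache Tomcat/x.y.z' banner."""
    m = re.search(r"Apache Tomcat/(\S+)", banner)
    if not m:
        raise ValueError("no Apache Tomcat version found in banner")
    return m.group(1)


def needs_update(version):
    """True if older than the fixed release of its branch, False if not,
    None if the advisory lists no fixed release for that branch."""
    parsed = parse_version(version)
    fixed = FIXED.get(parsed[0])
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


if __name__ == "__main__":
    v = extract_version(SAMPLE_BANNER)
    print(v, "needs update:", needs_update(v))
```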
External links
- https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.45
- https://tomcat.apache.org/security-7.html
- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-9.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html