Link Following Affecting tomcat6 package, versions <0:6.0.24-55.el6_4


Severity

Recommended
0.0
high
0
10

Based on CentOS security rating.

Threat Intelligence

EPSS
0.04% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS6-TOMCAT6-2078719
  • published26 Jul 2021
  • disclosed28 May 2013

Introduced: 28 May 2013

CVE-2013-1976  (opens in a new tab)
CWE-59  (opens in a new tab)

How to fix?

Upgrade Centos:6 tomcat6 to version 0:6.0.24-55.el6_4 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream tomcat6 package and not the tomcat6 package as distributed by Centos. See How to fix? for Centos:6 relevant fixed versions and status.

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

CVSS Scores

version 3.1