CVE-2013-1976 : The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM d

The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.

Published 2013-07-09 17:55:01

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2013-1976

Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 5
cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Web Server » Version: 1.0.2
cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.2:*:*:*:*:*:*:*
Matching versions
Redhat » Jboss Enterprise Web Server » Version: 2.0.0
cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2013-1976

Top countries where our scanners detected CVE-2013-1976

Top open port discovered on systems with this issue 53

IPs affected by CVE-2013-1976 137,248

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2013-1976!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2013-1976

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-1976

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-1976

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1976

http://rhn.redhat.com/errata/RHSA-2013-0872.html

RHSA-2013:0872 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0870.html

RHSA-2013:0870 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=927622

927622 – (CVE-2013-1976) CVE-2013-1976 tomcat: Improper TOMCAT_LOG management in init script (DoS, ACE)
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0871.html

RHSA-2013:0871 - Security Advisory - Red Hat Customer Portal
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0869.html

RHSA-2013:0869 - Security Advisory - Red Hat Customer Portal
Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html

openSUSE-SU-2013:1306-1: moderate: tomcat

CVEs referencing this url