Privilege Escalation Vulnerability in Tomcat Init Scripts

Privilege Escalation Vulnerability in Tomcat Init Scripts

CVE-2004-1452 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

Learn more about our Cis Benchmark Audit For Debian Family Linux.