CVE-2004-1452

3 documents3 sources
Severity
7.2HIGH
EPSS
0.1%
top 81.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gentoo Linux
Timeline
PublishedDec 31
Latest updateApr 29

Description

Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDgentoo/linux5 versions+4

Patches

Patch: secunia.comPatch: www.gentoo.orgPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-5ff6-r4w3-v8gw: Tomcat before 52022-04-29
CVEList
CVE-2004-1452: Tomcat before 52005-02-13
CVE-2004-1452 (HIGH CVSS 7.2) | Tomcat before 5.0.27-r3 in Gentoo L | cvebase.io