{"id":"USN-3081-1","summary":"tomcat6, tomcat7, tomcat8 vulnerability","details":"Dawid Golunski discovered that the Tomcat init script incorrectly handled\ncreating log files. A remote attacker could possibly use this issue to \nobtain root privileges. (CVE-2016-1240)\n\nThis update also reverts a change in behaviour introduced in USN-3024-1 by\nsetting mapperContextRootRedirectEnabled to True by default.\n","modified":"2026-02-10T04:41:02Z","published":"2016-09-19T16:55:51Z","related":["UBUNTU-CVE-2016-1240"],"upstream":["CVE-2016-1240","UBUNTU-CVE-2016-1240"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3081-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-1240"},{"type":"REPORT","url":"https://launchpad.net/bugs/1609819"}],"affected":[{"package":{"name":"tomcat7","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/tomcat7@7.0.52-1ubuntu0.7?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.52-1ubuntu0.7"}]}],"versions":["7.0.42-1","7.0.47-1","7.0.50-1","7.0.52-1","7.0.52-1ubuntu0.1","7.0.52-1ubuntu0.3","7.0.52-1ubuntu0.6"],"ecosystem_specific":{"binaries":[{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"libservlet3.0-java"},{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"libtomcat7-java"},{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"tomcat7"},{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"tomcat7-admin"},{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"tomcat7-common"},{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"tomcat7-docs"},{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"tomcat7-examples"},{"binary_version":"7.0.52-1ubuntu0.7","binary_name":"tomcat7-user"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3081-1.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-1240"}]}}},{"package":{"name":"tomcat8","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/tomcat8@8.0.32-1ubuntu1.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.32-1ubuntu1.2"}]}],"versions":["8.0.26-1","8.0.28-1","8.0.30-1","8.0.32-1","8.0.32-1ubuntu1","8.0.32-1ubuntu1.1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"libservlet3.1-java"},{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"libtomcat8-java"},{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"tomcat8"},{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"tomcat8-admin"},{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"tomcat8-common"},{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"tomcat8-docs"},{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"tomcat8-examples"},{"binary_version":"8.0.32-1ubuntu1.2","binary_name":"tomcat8-user"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3081-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2016-1240"}]}}}],"schema_version":"1.7.3"}