all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache Tomcat Privilege Escalation

Add to bookmarks

Web: https://packetstormsecurity.com/files/171337/tomcat_rhel_based_temp_priv_esc.rb.txt

March 14, 2023, 2:39 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploits a vulnerability in RedHat based systems where improper file permissions are applied to /usr/lib/tmpfiles.d/tomcat.conf for Apache Tomcat versions before 7.0.54-8. The configuration files in tmpfiles.d are used by systemd-tmpfiles to manage temporary files including their creation. With this weak permission, you are able to inject commands into the systemd-tmpfiles service to write a cron job to execute a payload. systemd-tmpfiles is executed by default on boot on RedHat-based systems through systemd-tmpfiles-setup.service. Depending on the system in …

apache escalation privilege privilege escalation tomcat

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-5960-1 2 hours ago | packetstormsecurity.com
notice security security notice ubuntu +1
Red Hat Security Advisory 2023-1303-01 2 hours ago | packetstormsecurity.com
advisory red hat security security advisory
MyBB External Redirect Warning 1.3 Cross Site Scripting 2 hours ago | packetstormsecurity.com
cross site scripting external mybb scripting +2
MyBB Active Threads 1.3.0 Cross Site Scripting 2 hours ago | packetstormsecurity.com
cross site scripting mybb scripting site
101+ News Portal 1.0 SQL Injection 2 hours ago | packetstormsecurity.com
injection portal sql sql injection
Shannon Baseband NrSmPcoCodec Intra-Object Overflow 3 hours ago | packetstormsecurity.com
baseband object overflow
Red Hat Security Advisory 2023-1286-01 3 hours ago | packetstormsecurity.com
advisory red hat security security advisory
Music Gallery Site 1.0 Cross Site Scripting 3 hours ago | packetstormsecurity.com
cross site scripting music scripting site
Medicine Tracker System 1.0 Cross Site Scripting 3 hours ago | packetstormsecurity.com
cross site scripting medicine scripting site +2

Latest InfoSec / Cybersecurity Jobs

View more jobs Post a job on infosec-jobs.com

Cyber Security Specialist

@ NielsenIQ | Algiers, Algeria
View on infosec-jobs.com

Chief Information Security Officer

@ Business Wire | United States
View on infosec-jobs.com

Sr. Red Team Engineer

@ Picus | Ankara, Turkey
View on infosec-jobs.com

Cyber Security Expert

@ AVIV Group | Paris, France
View on infosec-jobs.com

Security Architect

@ Eurofins | Barcelona, Poland
View on infosec-jobs.com

Engineering Manager, Cloud Security

@ Patreon | Remote
View on infosec-jobs.com

Sr. Cybersecurity Engineer - Identity and Access Management

@ Visa | Bengaluru, India
View on infosec-jobs.com

Research Engineer- Atmospheric Perils Vulnerability

@ Verisk | Boston, MA, United States
View on infosec-jobs.com

Security Engineer, SIRT

@ Amazon.com | Dublin, IRL
View on infosec-jobs.com

Sr Incident Response Analyst

@ ServiceNow | Dublin, Ireland
View on infosec-jobs.com

Security Architect

@ AVIV Group | Paris, France
View on infosec-jobs.com

Regulatory Compliance Specialist - ISMS

@ Intelerad | Remote, OR, United States
View on infosec-jobs.com