Posted by Dawid Golunski on Oct 03

CVE: CVE-2016-1240
Vulnerability: Tomcat packaging on Debian-based distros – Local Root
Privilege Escalation
Affected packages: Tomcat 6/7/8 deb packages (up to 8.0.36-2)
Systems affected: Debian & Ubuntu & possibly others (using the
affected deb packages)

Discovered by:
Dawid Golunski (http://legalhackers.com)

Tomcat (6, 7, 8) packages provided by default repositories on Debian-based
distributions (including Debian, Ubuntu etc.)…