Vulnerability details: VCID-bb3d-fmzb-t3c2
Vulnerability ID VCID-bb3d-fmzb-t3c2
Aliases CVE-2016-1240
Summary
Status Published
Exploitability 2.0
Weighted Severity 6.3
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1240.json
epss 0.15385 https://api.first.org/data/v1/epss?cve=CVE-2016-1240
epss 0.16354 https://api.first.org/data/v1/epss?cve=CVE-2016-1240
epss 0.19505 https://api.first.org/data/v1/epss?cve=CVE-2016-1240
epss 0.20656 https://api.first.org/data/v1/epss?cve=CVE-2016-1240
Data source Exploit-DB
Date added Oct. 3, 2016
Description Apache Tomcat 8/7/6 (Debian-Based Distros) - Local Privilege Escalation
Ransomware campaign use Known
Source publication date Oct. 3, 2016
Exploit type local
Platform linux
Source update date Oct. 3, 2016
Source URL http://legalhackers.com/advisories/Tomcat-DebPkgs-Root-Privilege-Escalation-Exploit-CVE-2016-1240.html
Data source Metasploit
Description Tomcat (6, 7, 8) packages provided by default repositories on Debian-based distributions (including Debian, Ubuntu etc.) provide a vulnerable tomcat init script that allows local attackers who have already gained access to the tomcat account (for example, by exploiting an RCE vulnerability in a Java web application hosted on Tomcat, uploading a webshell etc.) to escalate their privileges from tomcat user to root and fully compromise the target system. Tested against Tomcat 8.0.32-1ubuntu1.1 on Ubuntu 16.04.
Note
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - artifacts-on-disk
  - config-changes
  - ioc-in-logs
Ransomware campaign use Unknown
Source publication date Sept. 30, 2016
Platform Linux
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/local/tomcat_ubuntu_log_init_priv_esc.rb
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1240.json
Attack Vector (AV): local; Attack Complexity (AC): high; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): unchanged; Confidentiality Impact (C): high; Integrity Impact (I): high; Availability Impact (A): high
Exploit Prediction Scoring System (EPSS)
Percentile 0.9439
EPSS Score 0.15385
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:36.207210+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/3081-1/ 37.0.0