I added a simple PoC video for the CVE-2016-1240 vulnerability. In the PoC I used Ubuntu 16.04 with the latest tomcat7 package (version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos which appears vulnerable still.
The video poc can be found at: http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html -- Regards, Dawid Golunski http://legalhackers.com _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
