I added a simple PoC video for the CVE-2016-1240 vulnerability. In the PoC I used Ubuntu 16.04 with the latest tomcat7 package (version: 7.0.68-ubuntu-0.1) installed from the default ubuntu repos which appears vulnerable still. The video poc can be found at: http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html -- Regards, Dawid Golunski http://legalhackers.com
