ID CVE-2007-5342 Type cve Reporter NVD Modified 2017-09-28T21:29:35
Description
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
{"result": {"osvdb": [{"id": "OSVDB:39833", "type": "osvdb", "title": "Apache Tomcat JULI Logging Component catalina.policy Security Bypass", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://tomcat.apache.org/security-6.html\nVendor Specific News/Changelog Entry: http://tomcat.apache.org/security-5.html\n[Secunia Advisory ID:28274](https://secuniaresearch.flexerasoftware.com/advisories/28274/)\nOther Advisory URL: http://svn.apache.org/viewvc?view=rev&revision=606594\nOther Advisory URL: http://securityreason.com/securityalert/3485\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-12/0284.html\nISS X-Force ID: 39201\nFrSIRT Advisory: ADV-2008-0013\n[CVE-2007-5342](https://vulners.com/cve/CVE-2007-5342)\nBugtraq ID: 27006\n", "published": "2007-12-23T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:39833", "cvelist": ["CVE-2007-5342"], "lastseen": "2017-04-28T13:20:35"}], "seebug": [{"id": "SSV:2703", "type": "seebug", "title": "Apache Tomcat JULI\u65e5\u5fd7\u7ec4\u4ef6\u9ed8\u8ba4\u5b89\u5168\u7b56\u7565\u6f0f\u6d1e", "description": "BUGTRAQ ID: 27006\r\nCVE(CAN) ID: CVE-2007-5342\r\n\r\nApache Tomcat\u662f\u4e00\u4e2a\u6d41\u884c\u7684\u5f00\u653e\u6e90\u7801\u7684JSP\u5e94\u7528\u670d\u52a1\u5668\u7a0b\u5e8f\u3002\r\n\r\nApache Tomcat\u7684JULI\u65e5\u5fd7\u7ec4\u4ef6\u5141\u8bb8Web\u5e94\u7528\u63d0\u4f9b\u81ea\u5df1\u7684\u65e5\u5fd7\u914d\u7f6e\uff0c\u9ed8\u8ba4\u7684\u5b89\u5168\u7b56\u7565\u6ca1\u6709\u9650\u5236\u8fd9\u79cd\u914d\u7f6e\uff0c\u5141\u8bb8\u4e0d\u53ef\u4fe1\u4efb\u7684Web\u5e94\u7528\u6dfb\u52a0\u6587\u4ef6\uff0c\u6216\u8986\u76d6Tomcat\u8fdb\u7a0b\u62e5\u6709\u6743\u9650\u7684\u5df2\u6709\u6587\u4ef6\u3002\r\n\r\n\n\nApache Group Tomcat 6.0.0 - 6.0.15\r\nApache Group Tomcat 5.5.9 - 5.5.25\n \u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?r1=606594&r2=606593&pathrev=606594&view=patch target=_blank>http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?r1=606594&r2=606593&pathrev=606594&view=patch</a>", "published": "2007-12-26T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-2703", "cvelist": ["CVE-2007-5342"], "lastseen": "2017-11-19T21:52:03"}], "openvas": [{"id": "OPENVAS:870029", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2008:0042-01", "description": "Check for the Version of tomcat", "published": "2009-03-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870029", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2017-07-27T10:55:58"}, {"id": "OPENVAS:1361412562310122603", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2008-0042", "description": "Oracle Linux Local Security Checks ELSA-2008-0042", "published": "2015-10-08T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122603", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2017-07-24T12:53:37"}, {"id": "OPENVAS:1361412562310870029", "type": "openvas", "title": "RedHat Update for tomcat RHSA-2008:0042-01", "description": "Check for the Version of tomcat", "published": "2009-03-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870029", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2018-04-09T11:39:28"}, {"id": "OPENVAS:60810", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200804-10 (tomcat)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200804-10.", "published": "2008-09-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60810", "cvelist": ["CVE-2007-5342", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "lastseen": "2017-07-24T12:49:42"}, {"id": "OPENVAS:60102", "type": "openvas", "title": "Debian Security Advisory DSA 1447-1 (tomcat5.5)", "description": "The remote host is missing an update to tomcat5.5\nannounced via advisory DSA 1447-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60102", "cvelist": ["CVE-2007-5342", "CVE-2007-3382", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385"], "lastseen": "2017-07-24T12:49:49"}, {"id": "OPENVAS:1361412562310830681", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)", "description": "Check for the Version of tomcat5", "published": "2009-04-09T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830681", "cvelist": ["CVE-2007-5342", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "lastseen": "2018-04-09T11:39:51"}, {"id": "OPENVAS:830681", "type": "openvas", "title": "Mandriva Update for tomcat5 MDVSA-2008:188 (tomcat5)", "description": "Check for the Version of tomcat5", "published": "2009-04-09T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830681", "cvelist": ["CVE-2007-5342", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "lastseen": "2017-07-24T12:56:32"}, {"id": "OPENVAS:860524", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2008-1467", "description": "Check for the Version of tomcat5", "published": "2009-02-16T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860524", "cvelist": ["CVE-2007-5342", "CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-6286", "CVE-2007-3385", "CVE-2007-1358", "CVE-2008-0002"], "lastseen": "2017-07-25T10:57:08"}, {"id": "OPENVAS:860345", "type": "openvas", "title": "Fedora Update for tomcat5 FEDORA-2008-1603", "description": "Check for the Version of tomcat5", "published": "2009-02-16T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860345", "cvelist": ["CVE-2007-5342", "CVE-2007-1355", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-6286", "CVE-2007-3385", "CVE-2007-1358", "CVE-2008-0002"], "lastseen": "2017-07-25T10:56:00"}, {"id": "OPENVAS:65836", "type": "openvas", "title": "SLES10: Security update for Websphere Community Edition", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n websphere-as_ce\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-10-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65836", "cvelist": ["CVE-2007-5342", "CVE-2007-5333", "CVE-2007-3382", "CVE-2007-0184", "CVE-2007-0185", "CVE-2008-1947", "CVE-2007-2450", "CVE-2007-2449", "CVE-2007-5613", "CVE-2007-3386", "CVE-2008-2938", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-2370", "CVE-2007-2377", "CVE-2007-3385", "CVE-2008-1232", "CVE-2007-5615", "CVE-2008-0002"], "lastseen": "2017-07-26T08:56:20"}], "nessus": [{"id": "REDHAT-RHSA-2008-0831.NASL", "type": "nessus", "title": "RHEL 4 : JBoss EAP (RHSA-2008:0831)", "description": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix various security issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP02.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nJBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.3.0.CP01.\n\nThese updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section.\n\nThe following security issues are also fixed with this release :\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nThe property that controls the download of server classes was set to 'true' in the 'production' configuration. When the class download service is bound to an external interface, a remote attacker was able to download arbitrary class files from the server class path.\n(CVE-2008-3519)\n\nWarning: before applying this update, please backup the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages, which resolve these issues.", "published": "2013-01-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63864", "cvelist": ["CVE-2007-5342", "CVE-2008-3519"], "lastseen": "2017-10-29T13:35:56"}, {"id": "SL_20080311_TOMCAT_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : tomcat on SL5.x i386/x86_64", "description": "A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)", "published": "2012-08-01T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60371", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2017-10-29T13:40:27"}, {"id": "REDHAT-RHSA-2008-0832.NASL", "type": "nessus", "title": "RHEL 5 : JBoss EAP (RHSA-2008:0832)", "description": "Updated JBoss Enterprise Application Platform (JBEAP) 4.3 packages that fix various security issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP02.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nJBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.3.0.CP01.\n\nThese updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section.\n\nThe following security issues are also fixed with this release :\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nThe property that controls the download of server classes was set to 'true' in the 'production' configuration. When the class download service is bound to an external interface, a remote attacker was able to download arbitrary class files from the server class path.\n(CVE-2008-3519)\n\nWarning: before applying this update, please backup the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages, which resolve these issues.", "published": "2013-01-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63865", "cvelist": ["CVE-2007-5342", "CVE-2008-3519"], "lastseen": "2017-10-29T13:35:24"}, {"id": "REDHAT-RHSA-2008-0042.NASL", "type": "nessus", "title": "RHEL 5 : tomcat (RHSA-2008:0042)", "description": "Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages technologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.", "published": "2008-03-13T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31448", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2017-10-29T13:44:56"}, {"id": "REDHAT-RHSA-2008-0834.NASL", "type": "nessus", "title": "RHEL 5 : JBoss EAP (RHSA-2008:0834)", "description": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix various security issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP04.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nJBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a replacement to JBEAP 4.2.0.CP03.\n\nThese updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section.\n\nThe following security issues are also fixed with this release :\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nThe property that controls the download of server classes was set to 'true' in the 'production' configuration. When the class download service is bound to an external interface, a remote attacker was able to download arbitrary class files from the server class path.\n(CVE-2008-3519)\n\nWarning: before applying this update, please backup the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 5 are advised to upgrade to these updated packages, which resolve these issues.", "published": "2013-01-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63867", "cvelist": ["CVE-2007-5342", "CVE-2008-3519"], "lastseen": "2017-10-29T13:42:14"}, {"id": "REDHAT-RHSA-2008-0833.NASL", "type": "nessus", "title": "RHEL 4 : JBoss EAP (RHSA-2008:0833)", "description": "Updated JBoss Enterprise Application Platform (JBEAP) 4.2 packages that fix various security issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP04.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nJBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss Application Server, with JBoss Hibernate and JBoss Seam into a complete, simple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 4 serves as a replacement to JBEAP 4.2.0.CP03.\n\nThese updated packages include bug fixes and enhancements which are detailed in the release notes. The link to the release notes is available below in the References section.\n\nThe following security issues are also fixed with this release :\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nThe property that controls the download of server classes was set to 'true' in the 'production' configuration. When the class download service is bound to an external interface, a remote attacker was able to download arbitrary class files from the server class path.\n(CVE-2008-3519)\n\nWarning: before applying this update, please backup the JBEAP 'server/[configuration]/deploy/' directory, and any other customized configuration files.\n\nAll users of JBEAP 4.2 on Red Hat Enterprise Linux 4 are advised to upgrade to these updated packages, which resolve these issues.", "published": "2013-01-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63866", "cvelist": ["CVE-2007-5342", "CVE-2008-3519"], "lastseen": "2017-10-29T13:36:57"}, {"id": "CENTOS_RHSA-2008-0042.NASL", "type": "nessus", "title": "CentOS 5 : tomcat (CESA-2008:0042)", "description": "Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages technologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.", "published": "2010-01-06T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=43669", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2018-06-29T06:12:46"}, {"id": "ORACLELINUX_ELSA-2008-0042.NASL", "type": "nessus", "title": "Oracle Linux 5 : tomcat (ELSA-2008-0042)", "description": "From Red Hat Security Advisory 2008:0042 :\n\nUpdated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages technologies.\n\nA directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process.\n(CVE-2007-5461)\n\nThe default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)\n\nUsers of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67640", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2018-07-21T08:32:20"}, {"id": "FEDORA_2008-1603.NASL", "type": "nessus", "title": "Fedora 8 : tomcat5-5.5.26-1jpp.2.fc8 (2008-1603)", "description": "- Tue Feb 12 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.2\n\n - Rebuilt\n\n - Fri Feb 8 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.26-1jpp.1\n\n - Update to new upstream version, which also fixes the following :\n\n - CVE-2007-5342\n\n - CVE-2007-5333\n\n - CVE-2007-5461\n\n - CVE-2007-6286\n\n - Removed patch20, now in upstream.\n\n - Sat Jan 5 2008 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-2jpp.2\n\n - Fix for bz #153187\n\n - Fix init script for bz #380921\n\n - Fix tomcat5.conf and spec file for bz #253605\n\n - Fix for bz #426850\n\n - Fix for bz #312561\n\n - Fix init script, per bz #247077\n\n - Fix builds on alpha, per bz #253827\n\n - Thu Nov 15 2007 Devrim GUNDUZ <devrim at commandprompt.com> 0:5.5.25-1jpp.1\n\n - Updated to 5.5.25, to fix the following issues :\n\n - CVE-2007-1355\n\n - CVE-2007-3386\n\n - CVE-2007-3385\n\n - CVE-2007-3382\n\n - CVE-2007-2450, RH bugzilla #244808, #244810, #244812, #363081\n\n - CVE-2007-2449, RH bugzilla #244810, #244812, #244804, #363081\n\n - Applied patch(20) for RH bugzilla #333791, CVE-2007-5461\n\n - Applied patch(21) for RH bugzilla #244803, #244812, #363081, CVE-2007-1358\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-14T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31074", "cvelist": ["CVE-2007-5342", "CVE-2007-5333", "CVE-2007-6286", "CVE-2008-0002"], "lastseen": "2017-10-29T13:37:10"}, {"id": "MANDRIVA_MDVSA-2008-188.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188)", "description": "A number of vulnerabilities have been discovered in the Apache Tomcat server :\n\nThe default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary files (CVE-2007-5342).\n\nA cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).\n\nA cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).\n\nA traversal vulnerability was found when using a RequestDispatcher in combination with a servlet or JSP that could allow a remote attacker to utilize a specially crafted request parameter to access protected web resources (CVE-2008-2370).\n\nA traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).\n\nThe updated packages have been patched to correct these issues.", "published": "2009-04-23T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36926", "cvelist": ["CVE-2007-5342", "CVE-2008-1947", "CVE-2008-2938", "CVE-2008-2370", "CVE-2008-1232"], "lastseen": "2017-10-29T13:40:12"}], "centos": [{"id": "CESA-2008:0042", "type": "centos", "title": "tomcat5 security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0042\n\n\nTomcat is a servlet container for Java Servlet and JavaServer Pages\r\ntechnologies.\r\n\r\nA directory traversal vulnerability existed in the Apache Tomcat webdav\r\nservlet. In some configurations it allowed remote authenticated users to\r\nread files accessible to the local tomcat process. (CVE-2007-5461)\r\n\r\nThe default security policy in the JULI logging component did not restrict\r\naccess permissions to files. This could be misused by untrusted web\r\napplications to access and write arbitrary files in the context of the\r\ntomcat process. (CVE-2007-5342)\r\n\r\nUsers of Tomcat should update to these errata packages, which contain\r\nbackported patches and are not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014764.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/014765.html\n\n**Affected packages:**\ntomcat5\ntomcat5-admin-webapps\ntomcat5-common-lib\ntomcat5-jasper\ntomcat5-jasper-javadoc\ntomcat5-jsp-2.0-api\ntomcat5-jsp-2.0-api-javadoc\ntomcat5-server-lib\ntomcat5-servlet-2.4-api\ntomcat5-servlet-2.4-api-javadoc\ntomcat5-webapps\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0042.html", "published": "2008-03-19T00:04:06", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-March/014764.html", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2017-10-03T18:25:12"}], "oraclelinux": [{"id": "ELSA-2008-0042", "type": "oraclelinux", "title": "Moderate: tomcat security update ", "description": " [5.5.23-0jpp.3.0.3]\n - Patch for CVE-2007-5342\n Resolves: bz# 427776\n - Patch for CVE-2007-5461\n Resolves: bz# 334561 ", "published": "2008-03-11T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0042.html", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2016-09-04T11:16:04"}], "redhat": [{"id": "RHSA-2008:0832", "type": "redhat", "title": "(RHSA-2008:0832) Low: JBoss Enterprise Application Platform 4.3.0CP02 security update", "description": "JBoss Enterprise Application Platform is the market leading platform for\ninnovative and scalable Java applications; integrating the JBoss\nApplication Server, with JBoss Hibernate and JBoss Seam into a complete,\nsimple enterprise solution.\n\nThis release of JBEAP for Red Hat Enterprise Linux 5 serves as a\nreplacement to JBEAP 4.3.0.CP01.\n\nThese updated packages include bug fixes and enhancements which are\ndetailed in the release notes. The link to the release notes is available\nbelow in the References section.\n\nThe following security issues are also fixed with this release: \n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\ntomcat process. (CVE-2007-5342)\n\nThe property that controls the download of server classes was set to \"true\"\nin the \"production\" configuration. When the class download service is bound\nto an external interface, a remote attacker was able to download arbitrary\nclass files from the server class path. (CVE-2008-3519)\n\nWarning: before applying this update, please backup the JBEAP\n\"server/[configuration]/deploy/\" directory, and any other customized\nconfiguration files.\n\nAll users of JBEAP 4.3 on Red Hat Enterprise Linux 5 are advised to upgrade\nto these updated packages, which resolve these issues.", "published": "2008-09-22T04:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0832", "cvelist": ["CVE-2007-5342", "CVE-2008-3519"], "lastseen": "2016-09-04T11:17:48"}, {"id": "RHSA-2008:0042", "type": "redhat", "title": "(RHSA-2008:0042) Moderate: tomcat security update", "description": "Tomcat is a servlet container for Java Servlet and JavaServer Pages\r\ntechnologies.\r\n\r\nA directory traversal vulnerability existed in the Apache Tomcat webdav\r\nservlet. In some configurations it allowed remote authenticated users to\r\nread files accessible to the local tomcat process. (CVE-2007-5461)\r\n\r\nThe default security policy in the JULI logging component did not restrict\r\naccess permissions to files. This could be misused by untrusted web\r\napplications to access and write arbitrary files in the context of the\r\ntomcat process. (CVE-2007-5342)\r\n\r\nUsers of Tomcat should update to these errata packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "published": "2008-03-11T04:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0042", "cvelist": ["CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2017-09-09T07:20:37"}, {"id": "RHSA-2008:0195", "type": "redhat", "title": "(RHSA-2008:0195) Moderate: tomcat security update", "description": "Tomcat is a servlet container for Java Servlet and Java Server Pages\r\ntechnologies.\r\n\r\nTomcat was found treating single quote characters -- ' -- as delimiters in\r\ncookies. This could allow remote attackers to obtain sensitive information,\r\nsuch as session IDs, for session hijacking attacks (CVE-2007-3382).\r\n\r\nIt was reported Tomcat did not properly handle the following character\r\nsequence in a cookie: \\\" (a backslash followed by a double-quote). It was\r\npossible remote attackers could use this failure to obtain sensitive\r\ninformation, such as session IDs, for session hijacking attacks\r\n(CVE-2007-3385).\r\n\r\nA directory traversal vulnerability existed in the Apache Tomcat webdav\r\nservlet. This allowed remote attackers to remote authenticated users to\r\nread accessible to the local user running the tomcat process (CVE-2007-5461).\r\n\r\nThe default security policy in the JULI logging component did not restrict\r\naccess permissions to files. This could be misused by untrusted web\r\napplications to access and write arbitrary files in the context of the\r\ntomcat process (CVE-2007-5342).\r\n\r\nUsers of Tomcat should update to these erratum packages, which contain\r\nbackported patches and are not vulnerable to these issues.", "published": "2008-04-28T04:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0195", "cvelist": ["CVE-2007-3382", "CVE-2007-3385", "CVE-2007-5342", "CVE-2007-5461"], "lastseen": "2018-05-06T19:01:35"}, {"id": "RHSA-2008:0862", "type": "redhat", "title": "(RHSA-2008:0862) Important: tomcat security update", "description": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.", "published": "2008-10-02T04:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2008:0862", "cvelist": ["CVE-2007-5342", "CVE-2007-5461", "CVE-2008-1232", "CVE-2008-1947", "CVE-2008-2370", "CVE-2008-2938"], "lastseen": "2018-05-06T19:00:46"}], "debian": [{"id": "DSA-1447", "type": "debian", "title": "tomcat5.5 -- several vulnerabilities", "description": "Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: \n\n * [CVE-2007-3382](<https://security-tracker.debian.org/tracker/CVE-2007-3382>)\n\nIt was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. \n\n * [CVE-2007-3385](<https://security-tracker.debian.org/tracker/CVE-2007-3385>)\n\nIt was discovered that the character sequence \\\" in cookies was handled incorrectly, which could lead to an information leak. \n\n * [CVE-2007-3386](<https://security-tracker.debian.org/tracker/CVE-2007-3386>)\n\nIt was discovered that the host manager servlet performed insufficient input validation, which could lead to a cross-site scripting attack. \n\n * [CVE-2007-5342](<https://security-tracker.debian.org/tracker/CVE-2007-5342>)\n\nIt was discovered that the JULI logging component did not restrict its target path, resulting in potential denial of service through file overwrites. \n\n * [CVE-2007-5461](<https://security-tracker.debian.org/tracker/CVE-2007-5461>)\n\nIt was discovered that the WebDAV servlet is vulnerable to absolute path traversal. \n\nThe old stable distribution (sarge) doesn't contain tomcat5.5. \n\nFor the stable distribution (etch), these problems have been fixed in version 5.5.20-2etch1. \n\nFor the unstable distribution (sid) these problems will be fixed soon. \n\nWe recommend that you upgrade your tomcat5.5 packages.", "published": "2008-01-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/dsa-1447", "cvelist": ["CVE-2007-5342", "CVE-2007-3382", "CVE-2007-3386", "CVE-2007-5461", "CVE-2007-3385"], "lastseen": "2016-09-02T18:22:54"}], "gentoo": [{"id": "GLSA-200804-10", "type": "gentoo", "title": "Tomcat: Multiple vulnerabilities", "description": "### Background\n\nTomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. \n\n### Description\n\nThe following vulnerabilities were reported: \n\n * Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or overwrite files (CVE-2007-5342).\n * When the native APR connector is used, Tomcat does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of a duplicate copy of one of the recent requests (CVE-2007-6286).\n * If the processing or parameters is interrupted, i.e. by an exception, then it is possible for the parameters to be processed as part of later request (CVE-2008-0002).\n * An absolute path traversal vulnerability exists due to the way that WebDAV write requests are handled (CVE-2007-5461).\n * Tomcat does not properly handle double quote (\") characters or %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks (CVE-2007-5333).\n\n### Impact\n\nThese vulnerabilities can be exploited by: \n\n * a malicious web application to add or overwrite files with the permissions of the user running Tomcat. \n * a remote attacker to conduct session hijacking or disclose sensitive data. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Tomcat 5.5.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-5.5.26\"\n\nAll Tomcat 6.0.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-servers/tomcat-6.0.16\"", "published": "2008-04-10T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://security.gentoo.org/glsa/200804-10", "cvelist": ["CVE-2007-5342", "CVE-2007-5333", "CVE-2007-5461", "CVE-2007-6286", "CVE-2008-0002"], "lastseen": "2016-09-06T19:47:06"}], "vmware": [{"id": "VMSA-2008-0010", "type": "vmware", "title": "Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter", "description": " \nESX patches and updates for VirtualCenter fix the following \napplication vulnerabilities.\n", "published": "2008-06-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2008-0010.html", "cvelist": ["CVE-2007-5342", "CVE-2008-1195", "CVE-2008-1194", "CVE-2007-5238", "CVE-2008-1191", "CVE-2007-5333", "CVE-2007-5232", "CVE-2007-5240", "CVE-2008-1189", "CVE-2008-1186", "CVE-2008-0657", "CVE-2008-1185", "CVE-2007-5237", "CVE-2008-1196", "CVE-2007-5461", "CVE-2007-5236", "CVE-2007-6286", "CVE-2008-1190", "CVE-2008-1187", "CVE-2007-5689", "CVE-2008-1188", "CVE-2007-5239", "CVE-2007-5274", "CVE-2008-1193", "CVE-2008-1192"], "lastseen": "2016-09-04T11:19:37"}, {"id": "VMSA-2009-0016", "type": "vmware", "title": "VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.", "description": "a. JRE Security Update \n \nJRE update to version 1.5.0_20, which addresses multiple security \nissues that existed in earlier releases of JRE. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, \nCVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, \nCVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, \nCVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has \nassigned the following names to the security issues fixed in \nJRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, \nCVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, \nCVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, \nCVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \nThe following table lists what action remediates the vulnerability \n(column 4) if a solution is available. \n\n", "published": "2009-11-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2009-0016.html", "cvelist": ["CVE-2007-5342", "CVE-2007-2052", "CVE-2009-1095", "CVE-2009-1093", "CVE-2009-1104", "CVE-2009-1096", "CVE-2009-2670", "CVE-2009-1895", "CVE-2009-2692", "CVE-2009-1099", "CVE-2009-2716", "CVE-2009-2417", "CVE-2008-1721", "CVE-2009-1097", "CVE-2008-3143", "CVE-2009-2414", "CVE-2008-4864", "CVE-2009-1385", "CVE-2008-5700", "CVE-2008-3528", "CVE-2009-0033", "CVE-2009-2723", "CVE-2009-2718", "CVE-2007-5333", "CVE-2009-0675", "CVE-2009-0747", "CVE-2009-0787", "CVE-2009-2416", "CVE-2008-4307", "CVE-2009-0696", "CVE-2009-2722", "CVE-2007-4965", "CVE-2009-0746", "CVE-2009-0580", "CVE-2009-2698", "CVE-2009-0028", "CVE-2009-2720", "CVE-2009-0781", "CVE-2008-5515", "CVE-2009-2625", "CVE-2008-1947", "CVE-2009-0778", "CVE-2009-2673", "CVE-2009-1100", "CVE-2008-3144", "CVE-2009-1072", "CVE-2009-0322", "CVE-2009-0159", "CVE-2009-0676", "CVE-2009-1192", "CVE-2009-1098", "CVE-2009-1094", "CVE-2009-0745", "CVE-2007-5461", "CVE-2008-3142", "CVE-2009-2407", "CVE-2009-1106", "CVE-2009-1337", "CVE-2009-1103", "CVE-2007-5966", "CVE-2009-1388", "CVE-2009-0783", "CVE-2009-0269", "CVE-2007-6286", "CVE-2009-2724", "CVE-2009-1389", "CVE-2008-2370", "CVE-2009-0834", "CVE-2009-1633", "CVE-2008-2315", "CVE-2009-0748", "CVE-2009-1101", "CVE-2009-2406", "CVE-2009-1439", "CVE-2009-1336", "CVE-2009-2848", "CVE-2009-1252", "CVE-2008-1887", "CVE-2009-1107", "CVE-2009-2671", "CVE-2008-1232", "CVE-2008-5031", "CVE-2009-1102", "CVE-2009-1630", "CVE-2009-2672", "CVE-2009-2847", "CVE-2009-2719", "CVE-2009-2676", "CVE-2009-1105", "CVE-2009-2721", "CVE-2009-2675", "CVE-2008-0002"], "lastseen": "2016-09-04T11:19:40"}]}}
