Lucene search

RedhatCVE-2013-0346

HistoryFeb 15, 2014 - 2:57 p.m.

CVE-2013-0346

2014-02-1514:57:07

CWE-264

redhat

web.nvd.nist.gov

cve-2013-0346

apache tomcat

log directory

permissions

sensitive information

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated “The tomcat log directory does not contain any sensitive information.”

Affected configurations

Nvd

Node

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.2beta

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.4beta

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

apachetomcatMatch7.0.22

apachetomcatMatch7.0.23

apachetomcatMatch7.0.24

apachetomcatMatch7.0.25

apachetomcatMatch7.0.26

apachetomcatMatch7.0.27

apachetomcatMatch7.0.28

apachetomcatMatch7.0.29

apachetomcatMatch7.0.30

apachetomcatMatch7.0.31

apachetomcatMatch7.0.32

apachetomcatMatch7.0.33

apachetomcatMatch7.0.34

apachetomcatMatch7.0.35

apachetomcatMatch7.0.36

apachetomcatMatch7.0.37

apachetomcatMatch7.0.38

apachetomcatMatch7.0.39

apachetomcatMatch7.0.40

apachetomcatMatch7.0.41

apachetomcatMatch7.0.42

apachetomcatMatch7.0.43

apachetomcatMatch7.0.44

apachetomcatMatch7.0.45

apachetomcatMatch7.0.46

apachetomcatMatch7.0.47

apachetomcatMatch7.0.48

apachetomcatMatch7.0.49

apachetomcatMatch7.0.50

VendorProductVersionCPE
apachetomcat7.0.0cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
apachetomcat7.0.0cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
apachetomcat7.0.1cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
apachetomcat7.0.2cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
apachetomcat7.0.2cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
apachetomcat7.0.3cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
apachetomcat7.0.4cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
apachetomcat7.0.4cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
apachetomcat7.0.5cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
apachetomcat7.0.6cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	7.0.0	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
apache	tomcat	7.0.0	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
apache	tomcat	7.0.1	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
apache	tomcat	7.0.2	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
apache	tomcat	7.0.2	cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
apache	tomcat	7.0.3	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
apache	tomcat	7.0.4	cpe:2.3:a:apache:tomcat:7.0.4:::::::*
apache	tomcat	7.0.4	cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
apache	tomcat	7.0.5	cpe:2.3:a:apache:tomcat:7.0.5:::::::*
apache	tomcat	7.0.6	cpe:2.3:a:apache:tomcat:7.0.6:::::::*

Rows per page:

1-10 of 541

References

www.openwall.com/lists/oss-security/2013/02/23/5

bugzilla.redhat.com/show_bug.cgi?id=924841

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-0346