Lucene search

RedhatCVELIST:CVE-2007-5342

HistoryDec 27, 2007 - 10:00 p.m.

CVE-2007-5342

2007-12-2722:00:00

redhat

www.cve.org

7.4 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.2%

JSON

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

References

lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

marc.info/?l=bugtraq&m=139344343412337&w=2

osvdb.org/39833

secunia.com/advisories/28274

secunia.com/advisories/28317

secunia.com/advisories/28915

secunia.com/advisories/29313

secunia.com/advisories/29711

secunia.com/advisories/30676

secunia.com/advisories/32120

secunia.com/advisories/32222

secunia.com/advisories/32266

secunia.com/advisories/37460

secunia.com/advisories/57126

security.gentoo.org/glsa/glsa-200804-10.xml

securityreason.com/securityalert/3485

support.apple.com/kb/HT3216

support.avaya.com/elmodocs2/security/ASA-2008-401.htm

svn.apache.org/viewvc?view=rev&revision=606594

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

www.debian.org/security/2008/dsa-1447

www.mandriva.com/security/advisories?name=MDVSA-2008:188

www.redhat.com/support/errata/RHSA-2008-0042.html

www.redhat.com/support/errata/RHSA-2008-0195.html

www.redhat.com/support/errata/RHSA-2008-0831.html

www.redhat.com/support/errata/RHSA-2008-0832.html

www.redhat.com/support/errata/RHSA-2008-0833.html

www.redhat.com/support/errata/RHSA-2008-0834.html

www.redhat.com/support/errata/RHSA-2008-0862.html

www.securityfocus.com/archive/1/485481/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/27006

www.securityfocus.com/bid/31681

www.vmware.com/security/advisories/VMSA-2008-0010.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2008/0013

www.vupen.com/english/advisories/2008/1856/references

www.vupen.com/english/advisories/2008/2780

www.vupen.com/english/advisories/2008/2823

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/39201

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417

www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html