Lucene search

K
nvd[email protected]NVD:CVE-2007-5342
HistoryDec 27, 2007 - 10:46 p.m.

CVE-2007-5342

2007-12-2722:46:00
CWE-264
web.nvd.nist.gov
11
apache tomcat
security
vulnerability

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

74.8%

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Affected configurations

Nvd
Node
apachetomcatMatch5.5.9
OR
apachetomcatMatch5.5.10
OR
apachetomcatMatch5.5.11
OR
apachetomcatMatch5.5.12
OR
apachetomcatMatch5.5.13
OR
apachetomcatMatch5.5.14
OR
apachetomcatMatch5.5.15
OR
apachetomcatMatch5.5.16
OR
apachetomcatMatch5.5.17
OR
apachetomcatMatch5.5.18
OR
apachetomcatMatch5.5.19
OR
apachetomcatMatch5.5.20
OR
apachetomcatMatch5.5.21
OR
apachetomcatMatch5.5.22
OR
apachetomcatMatch5.5.23
OR
apachetomcatMatch5.5.24
OR
apachetomcatMatch5.5.25
OR
apachetomcatMatch6.0
OR
apachetomcatMatch6.0.1
OR
apachetomcatMatch6.0.2
OR
apachetomcatMatch6.0.3
OR
apachetomcatMatch6.0.4
OR
apachetomcatMatch6.0.5
OR
apachetomcatMatch6.0.6
OR
apachetomcatMatch6.0.7
OR
apachetomcatMatch6.0.8
OR
apachetomcatMatch6.0.9
OR
apachetomcatMatch6.0.10
OR
apachetomcatMatch6.0.11
OR
apachetomcatMatch6.0.12
OR
apachetomcatMatch6.0.13
OR
apachetomcatMatch6.0.14
OR
apachetomcatMatch6.0.15
VendorProductVersionCPE
apachetomcat5.5.9cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
apachetomcat5.5.10cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
apachetomcat5.5.11cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
apachetomcat5.5.12cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
apachetomcat5.5.13cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
apachetomcat5.5.14cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
apachetomcat5.5.15cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
apachetomcat5.5.16cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
apachetomcat5.5.17cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
apachetomcat5.5.18cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
Rows per page:
1-10 of 331

References

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

74.8%