CVSS2: AV:N/AC:L/Au:N/C:P/I:P/A:N (base score 6.4)
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None
EPSS percentile: 74.8%
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications. Code running inside a web application (and so anyone able to deploy one, or to compromise one) can therefore modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes of the org.apache.juli.FileHandler handler. Note that catalina.policy is only enforced when Tomcat is started with the security manager (the -security option); the significance of this issue is that even in that hardened mode the sandbox did not contain logging reconfiguration. The first releases outside the affected ranges are 5.5.26 and 6.0.16.
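The two checks a practitioner would run against an installation for this issue, as an added example written for this page (not code from the advisory, the Tomcat project or any linked reference): whether the Tomcat version falls in the affected ranges stated above, and whether the catalina.policy grants web-application code the ability to reconfigure java.util.logging, which is what lets a handler such as org.apache.juli.FileHandler be repointed. The JDK gates LogManager.readConfiguration() and Handler.setLevel() on java.util.logging.LoggingPermission "control", and java.security.AllPermission implies it, so those are the grants flagged. Assumptions made here: the policy grammar handled is the simplified grant/codeBase/permission subset, INTERNAL_PREFIXES is this example's own trust boundary between Tomcat's jars and web applications, and SAMPLE_POLICY is constructed for the demonstration rather than a policy file Tomcat ever shipped; the actual upstream fix to catalina.policy is not reproduced.

```python
"""Audit helpers for the JULI logging permission issue (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Affected ranges exactly as stated in the advisory text (inclusive).
AFFECTED_RANGES = (
    ((5, 5, 9), (5, 5, 25)),
    ((6, 0, 0), (6, 0, 15)),
)


def parse_version(version: str) -> Tuple[int, ...]:
    """'6.0.15' -> (6, 0, 15); a non-numeric suffix such as '15-beta' keeps the number."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the version lies inside one of the advisory's ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


@dataclass
class Grant:
    code_base: Optional[str]  # None: the grant applies to all code, web apps included
    permissions: List[Tuple[str, str, str]] = field(default_factory=list)  # (class, target, actions)


# Simplified Java policy grammar: `grant [codeBase "..."] { permission Class ["target"[, "actions"]]; };`
# signedBy/principal clauses are not handled (assumption: Tomcat's default policy does not use them).
GRANT_RE = re.compile(r'grant\b(?:\s+codeBase\s+"([^"]*)")?\s*\{(.*?)\};', re.S)
PERM_RE = re.compile(r'permission\s+([\w.]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')


def parse_policy(text: str) -> List[Grant]:
    text = re.sub(r"//[^\n]*", "", text)  # strip line comments before matching
    grants = []
    for code_base, body in GRANT_RE.findall(text):
        grant = Grant(code_base or None)
        for cls, target, actions in PERM_RE.findall(body):
            grant.permissions.append((cls, target, actions))
        grants.append(grant)
    return grants


# Code bases that are Tomcat's own (or the JDK's) and legitimately hold broad permissions.
# Assumption for this example: any other code base is web-application scope.
INTERNAL_PREFIXES = (
    "file:${java.home}",
    "file:${catalina.home}/bin/",
    "file:${catalina.home}/lib/",
    "file:${catalina.home}/server/",  # Tomcat 5.5 layout
    "file:${catalina.home}/common/",  # Tomcat 5.5 layout
)


def is_internal(code_base: Optional[str]) -> bool:
    return code_base is not None and code_base.startswith(INTERNAL_PREFIXES)


def audit_policy(text: str) -> List[str]:
    """Flag grants that let non-Tomcat code reconfigure java.util.logging."""
    findings = []
    for grant in parse_policy(text):
        if is_internal(grant.code_base):
            continue
        scope = grant.code_base or "<all code, web applications included>"
        for cls, target, _actions in grant.permissions:
            if cls == "java.security.AllPermission":
                findings.append(f"{scope}: java.security.AllPermission (implies logging control)")
            elif cls == "java.util.logging.LoggingPermission" and target == "control":
                findings.append(f'{scope}: java.util.logging.LoggingPermission "control"')
    return findings


# Constructed sample policy for the demonstration; not a policy Tomcat shipped.
SAMPLE_POLICY = r"""
grant codeBase "file:${java.home}/lib/ext/-" {
        permission java.security.AllPermission;
};
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
        permission java.util.logging.LoggingPermission "control";
        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read,write";
};
grant {
        // weak: every code base may reconfigure logging handlers
        permission java.util.logging.LoggingPermission "control";
        permission java.util.PropertyPermission "java.version", "read";
};
grant codeBase "file:${catalina.base}/webapps/examples/-" {
        permission java.security.AllPermission;
};
"""

if __name__ == "__main__":
    for v in ("5.5.25", "5.5.26", "6.0.15", "6.0.16"):
        print(f"Tomcat {v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
    for finding in audit_policy(SAMPLE_POLICY):
        print("policy finding:", finding)
```

Run it against a real file with `audit_policy(open("conf/catalina.policy").read())`; a grant flagged at `<all code>` scope is the one that matters most, since it reaches every deployed web application, while a per-webapp code base grant is a deliberate (if still risky) decision that can be reviewed on its own.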
Vendor | Product | Version | CPE |
---|---|---|---|
apache | tomcat | 5.5.9 | cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* |
apache | tomcat | 5.5.10 | cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* |
apache | tomcat | 5.5.11 | cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* |
apache | tomcat | 5.5.12 | cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* |
apache | tomcat | 5.5.13 | cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* |
apache | tomcat | 5.5.14 | cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* |
apache | tomcat | 5.5.15 | cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* |
apache | tomcat | 5.5.16 | cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* |
apache | tomcat | 5.5.17 | cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* |
apache | tomcat | 5.5.18 | cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* |
lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
marc.info/?l=bugtraq&m=139344343412337&w=2
osvdb.org/39833
secunia.com/advisories/28274
secunia.com/advisories/28317
secunia.com/advisories/28915
secunia.com/advisories/29313
secunia.com/advisories/29711
secunia.com/advisories/30676
secunia.com/advisories/32120
secunia.com/advisories/32222
secunia.com/advisories/32266
secunia.com/advisories/37460
secunia.com/advisories/57126
security.gentoo.org/glsa/glsa-200804-10.xml
securityreason.com/securityalert/3485
support.apple.com/kb/HT3216
support.avaya.com/elmodocs2/security/ASA-2008-401.htm
svn.apache.org/viewvc?view=rev&revision=606594
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2008/dsa-1447
www.mandriva.com/security/advisories?name=MDVSA-2008:188
www.redhat.com/support/errata/RHSA-2008-0042.html
www.redhat.com/support/errata/RHSA-2008-0195.html
www.redhat.com/support/errata/RHSA-2008-0831.html
www.redhat.com/support/errata/RHSA-2008-0832.html
www.redhat.com/support/errata/RHSA-2008-0833.html
www.redhat.com/support/errata/RHSA-2008-0834.html
www.redhat.com/support/errata/RHSA-2008-0862.html
www.securityfocus.com/archive/1/485481/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/27006
www.securityfocus.com/bid/31681
www.vmware.com/security/advisories/VMSA-2008-0010.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2008/0013
www.vupen.com/english/advisories/2008/1856/references
www.vupen.com/english/advisories/2008/2780
www.vupen.com/english/advisories/2008/2823
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/39201
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html