6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
73.2%
Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.
A directory traversal vulnerability existed in the Apache Tomcat webdav
servlet. In some configurations it allowed remote authenticated users to
read files accessible to the local tomcat process. (CVE-2007-5461)
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process. (CVE-2007-5342)
Users of Tomcat should update to these errata packages, which contain
backported patches and are not vulnerable to these issues.