23 matches found
GHSA-W65J-CMQC-37P2 JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Restriction Bypass
JULI logging component is vulnerable to restriction bypass vulnerability.It uses the default security policy which does not restrict this configuration and allows an untrusted web application to add files or overwrite existing files where the Tomcat process has the necessary file permissions to d...
RHEL 5 : JBoss EAP (RHSA-2008:0834)
Updated JBoss Enterprise Application Platform JBEAP 4.2 packages that fix various security issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.2.0.CP04. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
RHEL 4 : JBoss EAP (RHSA-2008:0831)
Updated JBoss Enterprise Application Platform JBEAP 4.3 packages that fix various security issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP02. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
Apache Tomcat JULI Logging组件默认安全策略漏洞
No description provided by source...
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2008:188)
A number of vulnerabilities have been discovered in the Apache Tomcat server : The default catalina.policy in the JULI logging component did not restrict certain permissions for web applications which could allow a remote attacker to modify logging configuration options and overwrite arbitrary...
Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0CP02 security update
Updated JBoss Enterprise Application Platform JBEAP 4.3 packages that fix various security issues are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP02. This update has been rated as having low security impact by the Red Hat Security Response Team. JBoss Enterprise Application...
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
GLSA-200804-10 : Tomcat: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200804-10 Tomcat: Multiple vulnerabilities The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web application to add or...
Tomcat: Multiple vulnerabilities
Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description The following vulnerabilities were reported: Delian Krustev discovered that the JULI logging component does not properly enforce access restrictions, allowing web...
tomcat5 security update
CentOS Errata and Security Advisory CESA-2008:0042 Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Jav...
Apache Tomcat's default security policy is too open
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...
Moderate: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies. A...
Apache Tomcat 6.0.x < 6.0.16 Information Disclosure
Binary data 4368.pasl...
Fixed in Apache Tomcat 5.5.26
Low: Session hi-jacking CVE-2007-5333 The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value. Affects: 5.5.0-5.5.25 Low: Elevated privileges CVE-2007-5342 The JULI logging component allows web applications to provide their own logging...
Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities
Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3382 It was discovered that single quotes ' in cookies were treated as a delimiter, which could lead to an...
DSA-1447-1 tomcat5.5 several vulnerabilities
Bulletin has no description...
CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...