Lucene search
RootSSV:2703HistoryDec 26, 2007 - 12:00 a.m.
Apache Tomcat JULI日志组件默认安全策略漏洞
2007-12-2600:00:00
Root
www.seebug.org
58
0.003 Low
EPSS
Percentile
65.6%
BUGTRAQ ID: 27006
CVE(CAN) ID: CVE-2007-5342
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
Apache Tomcat的JULI日志组件允许Web应用提供自己的日志配置,默认的安全策略没有限制这种配置,允许不可信任的Web应用添加文件,或覆盖Tomcat进程拥有权限的已有文件。
Apache Group Tomcat 6.0.0 - 6.0.15
Apache Group Tomcat 5.5.9 - 5.5.25
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?r1=606594&r2=606593&pathrev=606594&view=patch” target=“_blank”>http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?r1=606594&r2=606593&pathrev=606594&view=patch</a>
Related
securityvulns
securityvulns
[CVE-2007-5342] Apache Tomcat's default security policy is too open
2007-12-26 00:00:00
Apache Tomcat weak default permissions
2007-12-26 00:00:00
prion
prion
Design/Logic Flaw
2007-12-27 22:46:00
veracode
veracode
Restriction Bypass
2019-03-25 08:40:44
ubuntucve
ubuntucve
CVE-2007-5342
2007-12-27 00:00:00
osv
osv
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
2022-05-01 18:32:22
tomcat5.5 several vulnerabilities
2008-01-03 00:00:00
cve
cve
CVE-2007-5342
2007-12-27 22:46:00
github
github
openvas
openvas
Oracle Linux Local Check: ELSA-2008-0042
2015-10-08 00:00:00
RedHat Update for tomcat RHSA-2008:0042-01
2009-03-06 00:00:00
RedHat Update for tomcat RHSA-2008:0042-01
2009-03-06 00:00:00
nessus
nessus
RHEL 5 : JBoss EAP (RHSA-2008:0832)
2013-01-24 00:00:00
CentOS 5 : tomcat (CESA-2008:0042)
2010-01-06 00:00:00
RHEL 5 : JBoss EAP (RHSA-2008:0834)
2013-01-24 00:00:00
redhat
redhat
(RHSA-2008:0042) Moderate: tomcat security update
2008-03-11 00:00:00
(RHSA-2008:0832) Low: JBoss Enterprise Application Platform 4.3.0CP02 security update
2008-09-22 00:00:00
(RHSA-2008:0195) Moderate: tomcat security update
2008-04-28 00:00:00
oraclelinux
oraclelinux
Moderate: tomcat security update
2008-03-11 00:00:00
centos
centos
tomcat5 security update
2008-03-19 00:04:06
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
debian
debian
[SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities
2008-01-03 21:54:49
tomcat
tomcat
Fixed in Apache Tomcat 5.5.26
2008-02-05 00:00:00
Fixed in Apache Tomcat 6.0.16
2008-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
[SECURITY] Fedora 8 Update: tomcat5-5.5.27-0jpp.2.fc8
2008-09-16 23:28:35
vmware
vmware
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00
Updated Tomcat and Java JRE packages for VMware ESX 3.5 and VirtualCenter
2008-06-16 00:00:00