Source: Ubuntu.com (ubuntucve)
ID: UB:CVE-2007-5342
Dec 27, 2007 - 12:00 a.m.

CVE-2007-5342


CVSS2: 6.4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.005 Low
Percentile: 75.5%

The default catalina.policy in the JULI logging component in Apache Tomcat
5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain
permissions for web applications, which allows attackers to modify logging
configuration options and overwrite arbitrary files, as demonstrated by
changing the (1) level, (2) directory, and (3) prefix attributes in the
org.apache.juli.FileHandler handler.

Notes

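| Author | Note |
| --- | --- |
| jdstrand | debian says vulnerable code not listed in tomcat5 |

| OS | OS Version | Architecture | Package | Package Version | Filename |
| --- | --- | --- | --- | --- | --- |
| ubuntu | 8.04 | noarch | tomcat5.5 | < 5.5.25-4 | UNKNOWN |
| ubuntu | 8.10 | noarch | tomcat5.5 | < 5.5.25-4 | UNKNOWN |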
