CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
DISPUTED Apache Tomcat 7.x uses world-readable permissions for the
log directory and its files, which might allow local users to obtain
sensitive information by reading a file. NOTE: One Tomcat distributor has
stated “The tomcat log directory does not contain any sensitive
information.”
Author | Note |
---|---|
jdstrand | /var/log/tomcat5.5 is 750 on Ubuntu 8.04 LTS /var/log/tomcat6 is 750 on Ubuntu 10.04 LTS10 and higher /var/log/tomcat7 is 750 on Ubuntu 11.10 and higher |