
CVE-2007-5342
Date: (C)2007-12-27   (M)2023-12-22


The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/485481/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
BID-27006
SECUNIA-28274
SECUNIA-28317
SECUNIA-28915
SECUNIA-29313
SECUNIA-29711
SECUNIA-30676
BID-31681
SECUNIA-32120
SECUNIA-32222
SECUNIA-32266
SREASON-3485
SECUNIA-37460
OSVDB-39833
SECUNIA-57126
ADV-2008-0013
ADV-2008-1856
ADV-2008-2780
ADV-2008-2823
ADV-2009-3316
APPLE-SA-2008-10-09
DSA-1447
FEDORA-2008-1467
FEDORA-2008-1603
GLSA-200804-10
HPSBST02955
MDVSA-2008:188
RHSA-2008:0042
RHSA-2008:0195
RHSA-2008:0831
RHSA-2008:0832
RHSA-2008:0833
RHSA-2008:0834
RHSA-2008:0862
SUSE-SR:2009:004
apache-juli-logging-weak-security(39201)
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://svn.apache.org/viewvc?view=rev&revision=606594
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
oval:org.mitre.oval:def:10417

CWE    1
CWE-264
OVAL    2
oval:org.secpod.oval:def:301557
oval:org.mitre.oval:def:7989

© SecPod Technologies