CVE-2007-5342 Information
Description
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
Reference
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://osvdb.org/39833
http://secunia.com/advisories/28274
http://secunia.com/advisories/28317
http://secunia.com/advisories/28915
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/30676
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://securityreason.com/securityalert/3485
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://svn.apache.org/viewvc?view=rev&revision=606594
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1447
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0831.html
http://www.redhat.com/support/errata/RHSA-2008-0832.html
http://www.redhat.com/support/errata/RHSA-2008-0833.html
http://www.redhat.com/support/errata/RHSA-2008-0834.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.securityfocus.com/archive/1/485481/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/27006
http://www.securityfocus.com/bid/31681
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/0013
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html