6.4
CVE-2007-5342
- EPSS 5.16%
- Veröffentlicht 27.12.2007 22:46:00
- Zuletzt bearbeitet 16.06.2026 22:45:56
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.16% | 0.913 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://www.securityfocus.com/bid/31681
http://www.vupen.com/english/advisories/2008/2780
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
http://secunia.com/advisories/28317
http://www.debian.org/security/2008/dsa-1447
http://www.redhat.com/support/errata/RHSA-2008-0195.html
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
http://secunia.com/advisories/30676
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vupen.com/english/advisories/2008/1856/references
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/32120
http://secunia.com/advisories/32266
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.vupen.com/english/advisories/2008/2823
http://osvdb.org/39833
http://secunia.com/advisories/28274
http://secunia.com/advisories/28915
http://securityreason.com/securityalert/3485
http://svn.apache.org/viewvc?view=rev&revision=606594
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0831.html
http://www.redhat.com/support/errata/RHSA-2008-0832.html
http://www.redhat.com/support/errata/RHSA-2008-0833.html
http://www.redhat.com/support/errata/RHSA-2008-0834.html
http://www.securityfocus.com/archive/1/485481/100/0/threaded
http://www.securityfocus.com/bid/27006
http://www.vupen.com/english/advisories/2008/0013
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html