Vulnerability Description
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 5.5.9 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://osvdb.org/39833
- http://secunia.com/advisories/28274
- http://secunia.com/advisories/28317
- http://secunia.com/advisories/28915
- http://secunia.com/advisories/29313
- http://secunia.com/advisories/29711
- http://secunia.com/advisories/30676
- http://secunia.com/advisories/32120
- http://secunia.com/advisories/32222
- http://secunia.com/advisories/32266
- http://secunia.com/advisories/37460
- http://secunia.com/advisories/57126
FAQ
What is CVE-2007-5342?
CVE-2007-5342 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attack...
How severe is CVE-2007-5342?
CVE-2007-5342 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5342?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.