CVE-2007-5342 in Tomcat

Summary

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Responsible

Reservation

10/10/2007

Disclosure

12/27/2007

Entries

VDB-40234

CPE

ready

CVSS

6.5

EPSS

0.18121

Activities

Very Low

Sources