Computer Security
[EN] securityvulns.ru no-pyccku


Apache Tomcat weak default permissions
Published:26.12.2007
Source:
SecurityVulns ID:8493
Type:local
Threat Level:
5/10
Description:JULI logging component allow arbitrary files overwriting.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.)
Original documentdocumentAPACHE, [CVE-2007-5342] Apache Tomcat's default security policy is too open (26.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod