Computer Security
[EN] no-pyccku

Apache Tomcat weak default permissions
SecurityVulns ID:8493
Threat Level:
Description:JULI logging component allow arbitrary files overwriting.
Affected:APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE:CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.)
Original documentdocumentAPACHE, [CVE-2007-5342] Apache Tomcat's default security policy is too open (26.12.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod