CVE - CVE-2007-5342

CVE-ID
CVE-2007-5342	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open URL:http://www.securityfocus.com/archive/1/485481/100/0/threaded MISC:20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components URL:http://www.securityfocus.com/archive/1/507985/100/0/threaded MISC:27006 URL:http://www.securityfocus.com/bid/27006 MISC:28274 URL:http://secunia.com/advisories/28274 MISC:28317 URL:http://secunia.com/advisories/28317 MISC:28915 URL:http://secunia.com/advisories/28915 MISC:29313 URL:http://secunia.com/advisories/29313 MISC:29711 URL:http://secunia.com/advisories/29711 MISC:30676 URL:http://secunia.com/advisories/30676 MISC:31681 URL:http://www.securityfocus.com/bid/31681 MISC:32120 URL:http://secunia.com/advisories/32120 MISC:32222 URL:http://secunia.com/advisories/32222 MISC:32266 URL:http://secunia.com/advisories/32266 MISC:3485 URL:http://securityreason.com/securityalert/3485 MISC:37460 URL:http://secunia.com/advisories/37460 MISC:39833 URL:~~http://osvdb.org/39833~~ (Obsolete source) MISC:57126 URL:http://secunia.com/advisories/57126 MISC:ADV-2008-0013 URL:~~http://www.vupen.com/english/advisories/2008/0013~~ (Obsolete source) MISC:ADV-2008-1856 URL:~~http://www.vupen.com/english/advisories/2008/1856/references~~ (Obsolete source) MISC:ADV-2008-2780 URL:~~http://www.vupen.com/english/advisories/2008/2780~~ (Obsolete source) MISC:ADV-2008-2823 URL:~~http://www.vupen.com/english/advisories/2008/2823~~ (Obsolete source) MISC:ADV-2009-3316 URL:~~http://www.vupen.com/english/advisories/2009/3316~~ (Obsolete source) MISC:APPLE-SA-2008-10-09 URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html MISC:DSA-1447 URL:http://www.debian.org/security/2008/dsa-1447 MISC:FEDORA-2008-1467 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html MISC:FEDORA-2008-1603 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html MISC:GLSA-200804-10 URL:http://security.gentoo.org/glsa/glsa-200804-10.xml MISC:HPSBST02955 URL:http://marc.info/?l=bugtraq&m=139344343412337&w=2 MISC:MDVSA-2008:188 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:188~~ (Obsolete source) MISC:RHSA-2008:0042 URL:http://www.redhat.com/support/errata/RHSA-2008-0042.html MISC:RHSA-2008:0195 URL:http://www.redhat.com/support/errata/RHSA-2008-0195.html MISC:RHSA-2008:0831 URL:http://www.redhat.com/support/errata/RHSA-2008-0831.html MISC:RHSA-2008:0832 URL:http://www.redhat.com/support/errata/RHSA-2008-0832.html MISC:RHSA-2008:0833 URL:http://www.redhat.com/support/errata/RHSA-2008-0833.html MISC:RHSA-2008:0834 URL:http://www.redhat.com/support/errata/RHSA-2008-0834.html MISC:RHSA-2008:0862 URL:http://www.redhat.com/support/errata/RHSA-2008-0862.html MISC:SUSE-SR:2009:004 URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html MISC:[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ URL:https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ URL:https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ URL:https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E MISC:[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ URL:https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E MISC:apache-juli-logging-weak-security(39201) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/39201 MISC:http://support.apple.com/kb/HT3216 URL:http://support.apple.com/kb/HT3216 MISC:http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm MISC:http://svn.apache.org/viewvc?view=rev&revision=606594 URL:http://svn.apache.org/viewvc?view=rev&revision=606594 MISC:http://tomcat.apache.org/security-5.html URL:http://tomcat.apache.org/security-5.html MISC:http://tomcat.apache.org/security-6.html URL:http://tomcat.apache.org/security-6.html MISC:http://www.vmware.com/security/advisories/VMSA-2008-0010.html URL:http://www.vmware.com/security/advisories/VMSA-2008-0010.html MISC:http://www.vmware.com/security/advisories/VMSA-2009-0016.html URL:http://www.vmware.com/security/advisories/VMSA-2009-0016.html MISC:oval:org.mitre.oval:def:10417 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
Assigning CNA
Red Hat, Inc.
Date Record Created
20071010	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071010)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)