Home > Vulnerability Database > CVE-2007-5342

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-5342

Date: December 27, 2007

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Severity Score

6.5

Related Resources (58)

Url: http://www.securityfocus.com/bid/27006

Url: http://svn.apache.org/viewvc?view=rev&revision=606594

Url: http://www.securityfocus.com/archive/1/485481/100/0/threaded

Url: http://support.apple.com/kb/HT3216

Url: http://www.vmware.com/security/advisories/VMSA-2008-0010.html

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html

Url: http://security.gentoo.org/glsa/glsa-200804-10.xml

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Url: http://secunia.com/advisories/32222

Url: http://secunia.com/advisories/32266

Url: http://www.redhat.com/support/errata/RHSA-2008-0862.html

Url: http://www.vupen.com/english/advisories/2008/2823

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

Url: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Url: https://access.redhat.com/security/cve/CVE-2007-5342

Url: http://www.securityfocus.com/bid/31681

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:188

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Url: http://www.vupen.com/english/advisories/2008/1856/references

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Url: https://github.com/apache/tomcat/tree/main/java/org/apache/juli

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-5342

Url: http://www.vupen.com/english/advisories/2008/0013

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0195.html

Url: http://secunia.com/advisories/28274

Url: http://www.redhat.com/support/errata/RHSA-2008-0042.html

Url: http://www.vupen.com/english/advisories/2009/3316

Url: http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/39201

Url: http://tomcat.apache.org/security-5.html

Url: http://secunia.com/advisories/30676

Url: http://www.redhat.com/support/errata/RHSA-2008-0833.html

Url: http://marc.info/?l=bugtraq&m=139344343412337&w=2

Url: http://www.redhat.com/support/errata/RHSA-2008-0832.html

Url: http://www.debian.org/security/2008/dsa-1447

Url: http://osvdb.org/39833

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

Url: http://secunia.com/advisories/29711

Url: http://securityreason.com/securityalert/3485

Url: http://secunia.com/advisories/29313

Url: http://www.vupen.com/english/advisories/2008/2780

Url: http://secunia.com/advisories/57126

Url: http://secunia.com/advisories/32120

Url: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0831.html

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

Url: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Url: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Url: http://secunia.com/advisories/37460

Url: http://tomcat.apache.org/security-6.html

Url: http://secunia.com/advisories/28915

Url: http://www.redhat.com/support/errata/RHSA-2008-0834.html

Url: http://secunia.com/advisories/28317

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2007-5342

Severity Score

6.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us