
CVE ID: CVE-2007-5342
Description: The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
Test IDs: 1.3.6.1.4.1.25623.1.0.60337   1.3.6.1.4.1.25623.1.0.60102   1.3.6.1.4.1.25623.1.0.60350   1.3.6.1.4.1.25623.1.0.122603  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-5342
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
BugTraq ID: 27006
http://www.securityfocus.com/bid/27006
BugTraq ID: 31681
http://www.securityfocus.com/bid/31681
Bugtraq: 20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open
http://www.securityfocus.com/archive/1/485481/100/0/threaded
Bugtraq: 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Debian Security Information: DSA-1447
http://www.debian.org/security/2008/dsa-1447
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
http://security.gentoo.org/glsa/glsa-200804-10.xml
HPdes Security Advisory: HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://svn.apache.org/viewvc?view=rev&revision=606594
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
http://osvdb.org/39833
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
RedHat Security Advisories: RHSA-2008:0042
http://www.redhat.com/support/errata/RHSA-2008-0042.html
RedHat Security Advisories: RHSA-2008:0195
http://www.redhat.com/support/errata/RHSA-2008-0195.html
RedHat Security Advisories: RHSA-2008:0831
http://www.redhat.com/support/errata/RHSA-2008-0831.html
RedHat Security Advisories: RHSA-2008:0832
http://www.redhat.com/support/errata/RHSA-2008-0832.html
RedHat Security Advisories: RHSA-2008:0833
http://www.redhat.com/support/errata/RHSA-2008-0833.html
RedHat Security Advisories: RHSA-2008:0834
http://www.redhat.com/support/errata/RHSA-2008-0834.html
RedHat Security Advisories: RHSA-2008:0862
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://secunia.com/advisories/28274
http://secunia.com/advisories/28317
http://secunia.com/advisories/28915
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/30676
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/3485
SuSE Security Announcement: SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vupen.com/english/advisories/2008/0013
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/3316
XForce ISS Database: apache-juli-logging-weak-security(39201)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201



