CVE-2007-5342

Impact: Low
Public Date: 2007-12-23
Bugzilla: 427216: CVE-2007-5342 Apache Tomcat's default security policy is too open

The MITRE CVE dictionary describes this issue as:

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Find out more about CVE-2007-5342 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (tomcat5) | RHSA-2008:0042 | 2008-03-11 |
| Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS | RHSA-2008:0833 | 2008-09-22 |
| Red Hat Developer Suite v.3 (AS v.4) (tomcat5) | RHSA-2008:0195 | 2008-04-28 |
| Red Hat Application Server v2 4AS (tomcat5) | RHSA-2008:0862 | 2008-10-02 |
| Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS | RHSA-2008:0831 | 2008-09-22 |
| Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server | RHSA-2008:0832 | 2008-09-22 |
| Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server | RHSA-2008:0834 | 2008-09-22 |

CVE description copyright © 2017, The MITRE Corporation