Launchpad.net

CVE 2007-5342

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Related bugs and status

CVE-2007-5342 (Candidate) is related to these bugs:

Bug #175505: [tomcat5] multiple vulnerabilities

		In	Importance	Status
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Dapper)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu)	Undecided	Fix Released
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Dapper)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Edgy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Feisty)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Gutsy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Gutsy)	Undecided	Won't Fix
175505	[tomcat5] multiple vulnerabilities	tomcat5 (Ubuntu Hardy)	Undecided	Invalid
175505	[tomcat5] multiple vulnerabilities	tomcat5.5 (Ubuntu Hardy)	Undecided	Fix Released

Bug #179491: please merge tomcat5.5 (5.5.25-5) from Debian unstable (main)

Summary				In	Importance	Status
	179491	please merge tomcat5.5 (5.5.25-5) from Debian unstable (main)		tomcat5.5 (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-5342

Related bugs and status

Related bugs

References