Definition


New Search

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications which allows attackers to modify logging configuration options and overwrite arbitrary files as demonstrated by changing the (1) level (2) directory and (3) prefix attributes in the org.apache.juli.FileHandler handler.

oval:org.mitre.oval:def:10417

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications which allows attackers to modify logging configuration options and overwrite arbitrary files as demonstrated by changing the (1) level (2) directory and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 5
  • Oracle Linux 5
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-5342
Product(s):