CVE-2007-5342 (retired)

Priority
Description
The default catalina.policy in the JULI logging component in Apache Tomcat
5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain
permissions for web applications, which allows attackers to modify logging
configuration options and overwrite arbitrary files, as demonstrated by
changing the (1) level, (2) directory, and (3) prefix attributes in the
org.apache.juli.FileHandler handler.
Notes
jdstrand> debian says vulnerable code not listed in tomcat5
Package
Upstream: not-affected
Package
Upstream: needs-triage

Updated: 2019-10-09 07:08:35 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)