CVE-2007-5342 - Vulnerability Details

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Tomcat
Redhat	Enterprise Linux Jboss Enterprise Application Platform Rhel Application Server Rhel Developer Suite

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat:5.5.9:::::::*
	cpe:2.3:a:apache:tomcat:5.5.10:::::::*
	cpe:2.3:a:apache:tomcat:5.5.11:::::::*
	cpe:2.3:a:apache:tomcat:5.5.12:::::::*
	cpe:2.3:a:apache:tomcat:5.5.13:::::::*
	cpe:2.3:a:apache:tomcat:5.5.14:::::::*
	cpe:2.3:a:apache:tomcat:5.5.15:::::::*
	cpe:2.3:a:apache:tomcat:5.5.16:::::::*
	cpe:2.3:a:apache:tomcat:5.5.17:::::::*
	cpe:2.3:a:apache:tomcat:5.5.18:::::::*
	cpe:2.3:a:apache:tomcat:5.5.19:::::::*
	cpe:2.3:a:apache:tomcat:5.5.20:::::::*
	cpe:2.3:a:apache:tomcat:5.5.21:::::::*
	cpe:2.3:a:apache:tomcat:5.5.22:::::::*
	cpe:2.3:a:apache:tomcat:5.5.23:::::::*
	cpe:2.3:a:apache:tomcat:5.5.24:::::::*
	cpe:2.3:a:apache:tomcat:5.5.25:::::::*
	cpe:2.3:a:apache:tomcat:6.0:::::::*
	cpe:2.3:a:apache:tomcat:6.0.1:::::::*
	cpe:2.3:a:apache:tomcat:6.0.2:::::::*
	cpe:2.3:a:apache:tomcat:6.0.3:::::::*
	cpe:2.3:a:apache:tomcat:6.0.4:::::::*
	cpe:2.3:a:apache:tomcat:6.0.5:::::::*
	cpe:2.3:a:apache:tomcat:6.0.6:::::::*
	cpe:2.3:a:apache:tomcat:6.0.7:::::::*
	cpe:2.3:a:apache:tomcat:6.0.8:::::::*
	cpe:2.3:a:apache:tomcat:6.0.9:::::::*
	cpe:2.3:a:apache:tomcat:6.0.10:::::::*
	cpe:2.3:a:apache:tomcat:6.0.11:::::::*
	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
	cpe:2.3:a:apache:tomcat:6.0.13:::::::*
	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
	cpe:2.3:a:apache:tomcat:6.0.15:::::::*

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jbossas-0:4.2.0-3.GA_CP04.ep1.8.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
JBEAP 4.2.0 for RHEL 5
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jbossas-0:4.2.0-4.GA_CP04.ep1.7.el5.6	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.9.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
Red Hat Developer Suite V.3
tomcat5-0:5.5.23-0jpp_11rh	cpe:/a:redhat:rhel_developer_suite:3	RHSA-2008:0195	2008-04-28T00:00:00Z
Red Hat Enterprise Linux 5
tomcat5-0:5.5.23-0jpp.3.0.3.el5_1	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0042	2008-03-11T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
glassfish-jaxb-0:2.1.4-1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
javassist-0:3.8.0-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossas-0:4.3.0-2.GA_CP02.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossws-framework-0:2.0.1-0jpp.ep1.11.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
rh-eap-docs-0:4.3.0-3.GA_CP02.ep1.9.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
glassfish-jaf-0:1.1.0-0jpp.ep1.12.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-javamail-0:1.4.0-0jpp.ep1.10.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-jaxb-0:2.1.4-1jpp.ep1.4.el5.2	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-jstl-0:1.2.0-0jpp.ep1.10.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-commons-annotations-0:0.0.0-1.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-entitymanager-0:3.2.1-2.GA_CP03.1jpp.ep1.9.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
javassist-0:3.8.0-1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossas-0:4.3.0-2.GA_CP02.ep1.10.el5.2	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-jaxr-0:1.2.0-SP1.0jpp.ep1.4.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossws-framework-0:2.0.1-0jpp.ep1.11.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossxb-0:1.0.0-2.SP3.0jpp.ep1.3.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
rh-eap-docs-0:4.3.0-2.GA_CP02.ep1.6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
RHAPS Version 2 for RHEL 4
tomcat5-0:5.5.23-0jpp_4rh.9	cpe:/a:redhat:rhel_application_server:2	RHSA-2008:0862	2008-10-02T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://osvdb.org/39833
http://secunia.com/advisories/28274
http://secunia.com/advisories/28317
http://secunia.com/advisories/28915
http://secunia.com/advisories/29313
http://secunia.com/advisories/29711
http://secunia.com/advisories/30676
http://secunia.com/advisories/32120
http://secunia.com/advisories/32222
http://secunia.com/advisories/32266
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://securityreason.com/securityalert/3485
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://svn.apache.org/viewvc?view=rev&revision=606594
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2008/dsa-1447
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
http://www.redhat.com/support/errata/RHSA-2008-0042.html
http://www.redhat.com/support/errata/RHSA-2008-0195.html
http://www.redhat.com/support/errata/RHSA-2008-0831.html
http://www.redhat.com/support/errata/RHSA-2008-0832.html
http://www.redhat.com/support/errata/RHSA-2008-0833.html
http://www.redhat.com/support/errata/RHSA-2008-0834.html
http://www.redhat.com/support/errata/RHSA-2008-0862.html
http://www.securityfocus.com/archive/1/485481/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/27006
http://www.securityfocus.com/bid/31681
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/0013
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/2823
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2007-5342
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
https://www.cve.org/CVERecord?id=CVE-2007-5342
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2007-12-27T22:00:00

Updated: 2024-08-07T15:24:42.402Z

Reserved: 2007-10-10T00:00:00

Link: CVE-2007-5342

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-12-27T22:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5342

Redhat

Severity : Low

Publid Date: 2007-12-23T00:00:00Z

Links: CVE-2007-5342 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-23T00:00:00", "descriptions": [{"lang": "en", "value": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T16:08:47", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "30676", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30676"}, {"name": "RHSA-2008:0862", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"}, {"name": "28915", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28915"}, {"name": "ADV-2008-2823", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2823"}, {"name": "oval:org.mitre.oval:def:10417", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37460"}, {"name": "29313", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29313"}, {"name": "31681", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31681"}, {"name": "32120", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32120"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "RHSA-2008:0042", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"}, {"name": "28274", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28274"}, {"name": "MDVSA-2008:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"}, {"name": "28317", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28317"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"}, {"name": "3485", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3485"}, {"name": "20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485481/100/0/threaded"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "SUSE-SR:2009:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-6.html"}, {"name": "RHSA-2008:0832", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0832.html"}, {"name": "57126", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57126"}, {"name": "32222", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32222"}, {"name": "RHSA-2008:0195", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"}, {"name": "FEDORA-2008-1467", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"}, {"name": "GLSA-200804-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"}, {"name": "apache-juli-logging-weak-security(39201)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39201"}, {"tags": ["x_refsource_MISC"], "url": "http://svn.apache.org/viewvc?view=rev&revision=606594"}, {"name": "RHSA-2008:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0833.html"}, {"name": "FEDORA-2008-1603", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"}, {"name": "ADV-2008-1856", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1856/references"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "39833", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39833"}, {"name": "ADV-2008-0013", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0013"}, {"name": "ADV-2008-2780", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"name": "RHSA-2008:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0831.html"}, {"name": "27006", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27006"}, {"name": "RHSA-2008:0834", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0834.html"}, {"name": "DSA-1447", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1447"}, {"name": "HPSBST02955", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"}, {"name": "APPLE-SA-2008-10-09", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3216"}, {"name": "29711", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29711"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "32266", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32266"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.402Z"}, "title": "CVE Program Container", "references": [{"name": "30676", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30676"}, {"name": "RHSA-2008:0862", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"}, {"name": "28915", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28915"}, {"name": "ADV-2008-2823", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2823"}, {"name": "oval:org.mitre.oval:def:10417", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37460"}, {"name": "29313", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29313"}, {"name": "31681", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31681"}, {"name": "32120", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32120"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "RHSA-2008:0042", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"}, {"name": "28274", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28274"}, {"name": "MDVSA-2008:188", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"}, {"name": "28317", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28317"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"}, {"name": "3485", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3485"}, {"name": "20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485481/100/0/threaded"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "SUSE-SR:2009:004", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-6.html"}, {"name": "RHSA-2008:0832", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0832.html"}, {"name": "57126", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57126"}, {"name": "32222", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32222"}, {"name": "RHSA-2008:0195", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"}, {"name": "FEDORA-2008-1467", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"}, {"name": "GLSA-200804-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"}, {"name": "apache-juli-logging-weak-security(39201)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39201"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=rev&revision=606594"}, {"name": "RHSA-2008:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0833.html"}, {"name": "FEDORA-2008-1603", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"}, {"name": "ADV-2008-1856", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1856/references"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "39833", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39833"}, {"name": "ADV-2008-0013", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0013"}, {"name": "ADV-2008-2780", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"name": "RHSA-2008:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0831.html"}, {"name": "27006", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27006"}, {"name": "RHSA-2008:0834", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0834.html"}, {"name": "DSA-1447", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1447"}, {"name": "HPSBST02955", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"}, {"name": "APPLE-SA-2008-10-09", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3216"}, {"name": "29711", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29711"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "32266", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32266"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-5342", "datePublished": "2007-12-27T22:00:00", "dateReserved": "2007-10-10T00:00:00", "dateUpdated": "2024-08-07T15:24:42.402Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*", "matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D11D6FB7-CBDB-48C1-98CB-1B3CAA36C5D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler."}, {"lang": "es", "value": "La catalina.policy por defecto en el componente de acceso JULI de Apache Tomcat 5.5.9 hasta 5.5.25 y 6.0.0 hasta 6.0.15 no restringe determinados permisos para aplicaciones web, lo cual permite a atacantes remotos modificar opciones de configuraci\u00f3n de acceso y sobrescribir ficheros de su elecci\u00f3n, como se demuestra cambiando los atributos (1) level, (2) directory, y (3) prefix en el gestor org.apache.juli.FileHandler."}], "id": "CVE-2007-5342", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-27T22:46:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/39833"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28274"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28317"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/28915"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29313"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/29711"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30676"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32120"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32222"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/32266"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37460"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/57126"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"}, {"source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/3485"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT3216"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"}, {"source": "secalert@redhat.com", "url": "http://svn.apache.org/viewvc?view=rev&revision=606594"}, {"source": "secalert@redhat.com", "url": "http://tomcat.apache.org/security-5.html"}, {"source": "secalert@redhat.com", "url": "http://tomcat.apache.org/security-6.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2008/dsa-1447"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0831.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0832.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0833.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0834.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/485481/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/27006"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/31681"}, {"source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"}, {"source": "secalert@redhat.com", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/0013"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/1856/references"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2008/2823"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39201"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39833"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29711"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30676"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32266"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200804-10.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3216"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.apache.org/viewvc?view=rev&revision=606594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tomcat.apache.org/security-5.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tomcat.apache.org/security-6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0195.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0831.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0832.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0833.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0834.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485481/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/27006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/31681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1856/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2823"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-3.GA_CP04.ep1.8.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.10.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-4.GA_CP04.ep1.7.el5.6", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.9.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0195", "cpe": "cpe:/a:redhat:rhel_developer_suite:3", "package": "tomcat5-0:5.5.23-0jpp_11rh", "product_name": "Red Hat Developer Suite V.3", "release_date": "2008-04-28T00:00:00Z"}, {"advisory": "RHSA-2008:0042", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "tomcat5-0:5.5.23-0jpp.3.0.3.el5_1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-03-11T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "javassist-0:3.8.0-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-2.GA_CP02.ep1.10.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-0jpp.ep1.11.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-3.GA_CP02.ep1.9.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaf-0:1.1.0-0jpp.ep1.12.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.10.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1jpp.ep1.4.el5.2", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jstl-0:1.2.0-0jpp.ep1.10.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-commons-annotations-0:0.0.0-1.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.2.1-2.GA_CP03.1jpp.ep1.9.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "javassist-0:3.8.0-1jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-2.GA_CP02.ep1.10.el5.2", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-jaxr-0:1.2.0-SP1.0jpp.ep1.4.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-0jpp.ep1.11.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossxb-0:1.0.0-2.SP3.0jpp.ep1.3.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-2.GA_CP02.ep1.6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0862", "cpe": "cpe:/a:redhat:rhel_application_server:2", "package": "tomcat5-0:5.5.23-0jpp_4rh.9", "product_name": "RHAPS Version 2 for RHEL 4", "release_date": "2008-10-02T00:00:00Z"}], "bugzilla": {"description": "Apache Tomcat's default security policy is too open", "id": "427216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"}, "csaw": false, "details": ["The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler."], "name": "CVE-2007-5342", "public_date": "2007-12-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-5342\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-5342"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object