Vulnerability Details : CVE-2007-5342
The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
Products affected by CVE-2007-5342
- cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
Threat overview for CVE-2007-5342
Top countries where our scanners detected CVE-2007-5342
Top open port discovered on systems with this issue
80
IPs affected by CVE-2007-5342 5,580
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-5342!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-5342
12.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5342
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2007-5342
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5342
-
http://www.debian.org/security/2008/dsa-1447
Debian -- Security Information -- DSA-1447-1 tomcat5.5
-
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
VMSA-2008-0010.3
-
http://www.redhat.com/support/errata/RHSA-2008-0833.html
Support
-
http://tomcat.apache.org/security-5.html
Apache Tomcat® - Apache Tomcat 5 vulnerabilities
-
http://www.redhat.com/support/errata/RHSA-2008-0831.html
Support
-
http://marc.info/?l=bugtraq&m=139344343412337&w=2
'[security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software' - MARC
-
http://www.redhat.com/support/errata/RHSA-2008-0832.html
Support
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
-
http://www.redhat.com/support/errata/RHSA-2008-0834.html
Support
-
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
VMSA-2009-0016.6
-
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/-Apache Mail Archives
-
http://www.vupen.com/english/advisories/2009/3316
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://tomcat.apache.org/security-6.html
Apache Tomcat® - Apache Tomcat 6 vulnerabilities
-
http://security.gentoo.org/glsa/glsa-200804-10.xml
Tomcat: Multiple vulnerabilities (GLSA 200804-10) — Gentoo security
-
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/-Apache Mail Archives
-
http://www.vupen.com/english/advisories/2008/1856/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/-Apache Mail Archives
-
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
-
http://www.securityfocus.com/archive/1/485481/100/0/threaded
-
http://www.securityfocus.com/bid/27006
Patch
-
http://www.vupen.com/english/advisories/2008/0013
-
http://securityreason.com/securityalert/3485
Apache Tomcat's default security policy is too open - CXSecurity.com
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
Apache Tomcat JULI logging weak security CVE-2007-5342 Vulnerability Report
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
Page not found - Mandriva.com
-
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:004 - openSUSE Security Announce - openSUSE Mailing Lists
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417
404 Not Found
-
http://www.vupen.com/english/advisories/2008/2823
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.redhat.com/support/errata/RHSA-2008-0042.html
Support
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
-
http://www.redhat.com/support/errata/RHSA-2008-0195.html
Support
-
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
ASA-2008-401 (RHSA-2008-0862)
-
http://www.vupen.com/english/advisories/2008/2780
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securityfocus.com/archive/1/507985/100/0/threaded
-
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/-Apache Mail Archives
-
http://support.apple.com/kb/HT3216
About Security Update 2008-007 - Apple Support
-
http://www.redhat.com/support/errata/RHSA-2008-0862.html
Support
-
http://svn.apache.org/viewvc?view=rev&revision=606594
[Apache-SVN] Revision 606594
-
http://www.securityfocus.com/bid/31681
Jump to