
CVE ID: CVE-2007-5342
Description: The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
Test IDs: 1.3.6.1.4.1.25623.1.0.122603, 1.3.6.1.4.1.25623.1.0.60350, 1.3.6.1.4.1.25623.1.0.60102, 1.3.6.1.4.1.25623.1.0.60337
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2007-5342
20071223 [CVE-2007-5342] Apache Tomcat's default security policy is too open
http://www.securityfocus.com/archive/1/485481/100/0/threaded
20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
http://www.securityfocus.com/archive/1/507985/100/0/threaded
27006
http://www.securityfocus.com/bid/27006
28274
http://secunia.com/advisories/28274
28317
http://secunia.com/advisories/28317
28915
http://secunia.com/advisories/28915
29313
http://secunia.com/advisories/29313
29711
http://secunia.com/advisories/29711
30676
http://secunia.com/advisories/30676
31681
http://www.securityfocus.com/bid/31681
32120
http://secunia.com/advisories/32120
32222
http://secunia.com/advisories/32222
32266
http://secunia.com/advisories/32266
3485
http://securityreason.com/securityalert/3485
37460
http://secunia.com/advisories/37460
39833
http://osvdb.org/39833
57126
http://secunia.com/advisories/57126
ADV-2008-0013
http://www.vupen.com/english/advisories/2008/0013
ADV-2008-1856
http://www.vupen.com/english/advisories/2008/1856/references
ADV-2008-2780
http://www.vupen.com/english/advisories/2008/2780
ADV-2008-2823
http://www.vupen.com/english/advisories/2008/2823
ADV-2009-3316
http://www.vupen.com/english/advisories/2009/3316
APPLE-SA-2008-10-09
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
DSA-1447
http://www.debian.org/security/2008/dsa-1447
FEDORA-2008-1467
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
FEDORA-2008-1603
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
GLSA-200804-10
http://security.gentoo.org/glsa/glsa-200804-10.xml
HPSBST02955
http://marc.info/?l=bugtraq&m=139344343412337&w=2
MDVSA-2008:188
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188
RHSA-2008:0042
http://www.redhat.com/support/errata/RHSA-2008-0042.html
RHSA-2008:0195
http://www.redhat.com/support/errata/RHSA-2008-0195.html
RHSA-2008:0831
http://www.redhat.com/support/errata/RHSA-2008-0831.html
RHSA-2008:0832
http://www.redhat.com/support/errata/RHSA-2008-0832.html
RHSA-2008:0833
http://www.redhat.com/support/errata/RHSA-2008-0833.html
RHSA-2008:0834
http://www.redhat.com/support/errata/RHSA-2008-0834.html
RHSA-2008:0862
http://www.redhat.com/support/errata/RHSA-2008-0862.html
SUSE-SR:2009:004
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
apache-juli-logging-weak-security(39201)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201
http://support.apple.com/kb/HT3216
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm
http://svn.apache.org/viewvc?view=rev&revision=606594
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
oval:org.mitre.oval:def:10417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417




© 1998-2025 E-Soft Inc. All rights reserved.