CVE-2007-5342

Severity: Medium
CVSS v3 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
EPSS Score: 18.1% (exploitation probability in 30 days; top 5% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: Low
Confidentiality: Partial
Integrity: Partial
Availability: None

Published: December 27, 2007
Last Modified: April 23, 2026
Vendor: Apache
Source: NVD

Description

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

CWE

CWE-264

Affected Products

Apache Tomcat
