CVE-2007-5342

Publication date 27 December 2007

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Read the notes from the security team

Status

Package Ubuntu Release Status
tomcat5 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected
tomcat5.5 8.10 intrepid
Fixed 5.5.25-4
8.04 LTS hardy
Fixed 5.5.25-4
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Not in release

Notes

jdstrand

debian says vulnerable code not listed in tomcat5

References

Other references

Access our resources on patching vulnerabilities