CVE-2007-5342 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-5342 Interim 1 5 2023-12-09T02:12:45Z current 2021-05-30T12:40:23Z 2023-12-09T02:12:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-5342 The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N E-Mail link for SUSE-SR:2009:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler. CVE-2007-5342 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N