Vulnerability & Exploit Database

CESA-2008:0042: tomcat security update

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: December 27, 2007
Added: March 12, 2010
Modified: July 04, 2017

Description

Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.

Solution

centos-upgrade-tomcat5