CESA-2008:0042: tomcat security update

Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: December 26, 2007
Added: March 11, 2010
Modified: July 03, 2017


Tomcat is a servlet container for Java Servlet and JavaServer Pages technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav servlet. In some configurations it allowed remote authenticated users to read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict access permissions to files. This could be misused by untrusted web applications to access and write arbitrary files in the context of the tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain backported patches and are not vulnerable to these issues.
