Tomcat is a servlet container for Java Servlet and JavaServer Pagestechnologies.A directory traversal vulnerability existed in the Apache Tomcat webdavservlet. In some configurations it allowed remote authenticated users toread files accessible to the local tomcat process. (CVE-2007-5461)The default security policy in the JULI logging component did not restrictaccess permissions to files. This could be misused by untrusted webapplications to access and write arbitrary files in the context of thetomcat process. (CVE-2007-5342)Users of Tomcat should update to these errata packages, which containbackported patches and are not vulnerable to these issues.