漏洞信息(CVE-2007-5342)

一、漏洞 CVE-2007-5342 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

在Apache Tomcat 5.5.9 through 5.5.25 和 6.0.0 through 6.0.15 中的 Juli 日志组件的默认 catalina.policy 并未限制 web 应用程序的某些权限，这允许攻击者修改日志配置选项并覆盖任意文件，例如，org.apache.juli.FileHandler Handler 中的 (1) 级别、(2) 目录和(3)前缀属性的变化就可以演示这一点。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Apache Tomcat JULI日志组件默认安全策略漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 Apache Tomcat的JULI日志组件允许Web应用提供自己的日志配置，默认的安全策略没有限制这种配置，允许不可信任的Web应用添加文件，或覆盖Tomcat进程拥有权限的已有文件。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

权限许可和访问控制问题

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2007-5342 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2007-5342 的情报信息

http://support.apple.com/kb/HT3216 x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0010.html x_refsource_CONFIRM
http://tomcat.apache.org/security-5.html x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=rev&revision=606594 x_refsource_MISC
http://tomcat.apache.org/security-6.html x_refsource_CONFIRM
http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2009-0016.html x_refsource_CONFIRM
http://securityreason.com/securityalert/3485 third-party-advisory x_refsource_SREASON
http://secunia.com/advisories/32266 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/30676 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28915 third-party-advisory x_refsource_SECUNIA
http://osvdb.org/39833 vdb-entry x_refsource_OSVDB
http://www.securityfocus.com/bid/27006 vdb-entry x_refsource_BID
http://secunia.com/advisories/32222 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/57126 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/31681 vdb-entry x_refsource_BID
http://secunia.com/advisories/37460 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28317 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29711 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28274 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29313 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32120 third-party-advisory x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1447 vendor-advisory x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=139344343412337&w=2 vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2008/2780 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0013 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2823 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3316 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1856/references vdb-entry x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0862.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0834.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0831.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0833.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0042.html vendor-advisory x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200804-10.xml vendor-advisory x_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2008-0195.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0832.html vendor-advisory x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2008:188 vendor-advisory x_refsource_MANDRIVA
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html vendor-advisory x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html vendor-advisory x_refsource_SUSE
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html vendor-advisory x_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html vendor-advisory x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10417 vdb-entry signature x_refsource_OVAL
https://exchange.xforce.ibmcloud.com/vulnerabilities/39201 vdb-entry x_refsource_XF
http://www.securityfocus.com/archive/1/485481/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
http://www.securityfocus.com/archive/1/507985/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2007-5342

一、 漏洞 CVE-2007-5342 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2007-5342 的公开POC

三、漏洞 CVE-2007-5342 的情报信息

一、漏洞 CVE-2007-5342 基础信息