Apache · Apache Tomcat · CVE-2013-1976
**Name of the Vulnerable Software and Affected Versions**
Tomcat versions in JBoss Enterprise Web Server 1.0.2 and 2.0.0
Tomcat versions in Red Hat Enterprise Linux 5 and 6
**Description**
The issue allows local users to change the ownership of arbitrary files via a symlink attack on the Tomcat log files, including `tomcat5-initd.log`, `tomcat6-initd.log`, `catalina.out`, and `tomcat7-initd.log`.
**Recommendations**
For Tomcat versions in JBoss Enterprise Web Server 1.0.2 and 2.0.0, consider restricting access to the log files to prevent symlink attacks.
For Tomcat versions in Red Hat Enterprise Linux 5 and 6, restrict access to the log files to minimize the risk of exploitation.
As a temporary workaround until a patch is available, consider marking the log files immutable so that they cannot be changed.
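
To check a host against the recommendations above, the following audit is an added example, not part of the original advisory or of any vendor tooling. The function name `audit_tomcat_logs` and the directory argument are assumptions; only the four log file names come from the advisory.

```shell
#!/bin/sh
# Added example: audit the log files named in the advisory for symlink exposure.
# LOG_NAMES is taken from the advisory text. The directory is NOT given there,
# so it is passed as an argument (assumption: you know your package's log dir).
LOG_NAMES="tomcat5-initd.log tomcat6-initd.log tomcat7-initd.log catalina.out"

# Prints one line per observation; returns 0 if clean, 1 on findings, 2 on error.
audit_tomcat_logs() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "ERROR $dir is not a directory"
        return 2
    fi
    # The log directory itself being a symlink is a finding.
    if [ -L "$dir" ]; then
        echo "SYMLINK $dir -> $(readlink "$dir")"
        findings=$((findings + 1))
    fi
    # A group- or world-writable directory lets other local users replace
    # a log file with a link, which is the access the advisory says to restrict.
    mode=$(ls -ld "$dir/." | cut -c1-10)
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE_DIR $dir mode=$mode"
        findings=$((findings + 1))
    fi
    # Each named log file must be a regular file, never a symlink.
    for name in $LOG_NAMES; do
        path="$dir/$name"
        if [ -L "$path" ]; then
            echo "SYMLINK $path -> $(readlink "$path")"
            findings=$((findings + 1))
        elif [ -e "$path" ]; then
            echo "OK $path"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh <log directory>
if [ "$#" -gt 0 ]; then
    audit_tomcat_logs "$1"
fi
```

A `SYMLINK` or `WRITABLE_DIR` line means the file or directory should be reviewed before the Tomcat init script next runs.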