PT-2007-6410 · Apache · Apache Tomcat

Published 2007-12-27 · Updated 2023-02-13 · CVE-2007-5342

CVSS v2.0: 6.4 (Medium), Vector AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 5.5.9 through 5.5.25; Apache Tomcat versions 6.0.0 through 6.0.15
Description: The default catalina.policy in the JULI logging component does not restrict certain permissions for web applications, allowing attackers to modify logging configuration options and overwrite arbitrary files. This can be achieved by changing attributes in the org.apache.juli.FileHandler handler, such as the level, directory, and prefix. The JULI logging component allows web applications to provide their own logging configurations, and the default security policy does not restrict this configuration, enabling an untrusted web application to add files or overwrite existing files where the Tomcat process has the necessary file permissions.
Recommendations: For Apache Tomcat versions 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15, restrict the permissions granted to web applications in the catalina.policy file so that they cannot modify logging configuration options. As a temporary workaround, consider disabling the org.apache.juli.FileHandler handler until a patch is available.
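As an added example (not part of this advisory and not Tomcat's own code), the following Python audit reads a web application's JULI-format logging.properties and reports every org.apache.juli.FileHandler whose resolved directory lies outside ${catalina.base}/logs, which is the configuration pattern the description above warns about. The sample properties text and the /opt/tomcat path are constructed; relative directories are resolved against catalina.base here, which is an assumption (the JVM resolves them against its working directory).

```python
import posixpath
import re

# Constructed sample of a web app's WEB-INF/classes/logging.properties (JULI format).
SAMPLE_LOGGING_PROPERTIES = """\
handlers = 1app.org.apache.juli.FileHandler, 2app.org.apache.juli.FileHandler
1app.org.apache.juli.FileHandler.level = FINE
1app.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1app.org.apache.juli.FileHandler.prefix = app.
2app.org.apache.juli.FileHandler.level = ALL
2app.org.apache.juli.FileHandler.directory = ${catalina.base}/logs/../conf
2app.org.apache.juli.FileHandler.prefix = audit.
"""


def parse_properties(text):
    """Minimal java.util.Properties reader: '#'/'!' comments, '=' or ':' separators."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def handler_class(name):
    """JULI strips a leading '<digits>.' tag (e.g. '1app.') to obtain the class name."""
    if name and name[0].isdigit() and "." in name:
        return name.split(".", 1)[1]
    return name


def audit_juli_config(text, catalina_base, allowed_subdir="logs"):
    """Return FileHandler entries whose resolved directory leaves <catalina_base>/logs."""
    props = parse_properties(text)
    allowed = posixpath.normpath(posixpath.join(catalina_base, allowed_subdir))
    findings = []
    for name in re.split(r"[,\s]+", props.get("handlers", "")):
        if handler_class(name) != "org.apache.juli.FileHandler":
            continue
        directory = props.get(name + ".directory", "logs")  # JULI's default is "logs"
        directory = directory.replace("${catalina.base}", catalina_base)
        resolved = posixpath.normpath(posixpath.join(catalina_base, directory))
        if resolved != allowed and not resolved.startswith(allowed + "/"):
            findings.append({"handler": name, "directory": resolved,
                             "prefix": props.get(name + ".prefix", "juli."),
                             "level": props.get(name + ".level", "ALL")})
    return findings
```

Run `audit_juli_config` over each deployed application's logging.properties; any returned entry names a handler that can create or overwrite files outside the Tomcat log directory and should be reviewed against catalina.policy.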

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2007-5342
DSA-1447-1
GHSA-W65J-CMQC-37P2
RHSA-2008:0042
RHSA-2008:0195
RHSA-2008:0831
RHSA-2008:0832
RHSA-2008:0833
RHSA-2008:0834
RHSA-2008:0862

Affected Products

Apache Tomcat
Red Hat