PT-2014-2453 · Apache · Apache Tomcat
Agostino Sarubbo
+1
·
Published
2014-02-15
·
Updated
2024-08-06
·
CVE-2013-0346
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 7.x
Description
The issue allows local users to potentially obtain sensitive information by reading files due to world-readable permissions for the log directory and its files. However, one Tomcat distributor claims that the log directory does not contain sensitive information.
Recommendations
For Apache Tomcat version 7.x, consider changing the permissions of the log directory and its files to prevent world-readable access, thereby minimizing the risk of sensitive information disclosure.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Tomcat