CVE-2013-0346
Published: 15 February 2014
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
Notes
Author | Note |
---|---|
jdstrand | /var/log/tomcat5.5 is 750 on Ubuntu 8.04 LTS /var/log/tomcat6 is 750 on Ubuntu 10.04 LTS10 and higher /var/log/tomcat7 is 750 on Ubuntu 11.10 and higher |
Priority
Status
Package | Release | Status |
---|---|---|
tomcat5.5 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Needs triage
|
|
tomcat6 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
upstream |
Needs triage
|
|
tomcat7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
upstream |
Needs triage
|