CVE-2013-0346
Published: 15 February 2014
** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
Notes
| Author | Note |
|---|---|
| jdstrand | /var/log/tomcat5.5 is 750 on Ubuntu 8.04 LTS /var/log/tomcat6 is 750 on Ubuntu 10.04 LTS10 and higher /var/log/tomcat7 is 750 on Ubuntu 11.10 and higher |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
tomcat5.5 Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
| lucid |
Does not exist
|
|
| oneiric |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
tomcat6 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
tomcat7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| upstream |
Needs triage
|