Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
Written by Mark Thomas   
Wednesday, 18 February 2009 20:49


-\\Bugtraq ID:
27006

-\\Class:
Access Validation Error

-\\CVE:
CVE-2007-5342


-\\Remote:
No

-\\Local:
Yes

-\\Published:
Dec 24 2007 12:00AM

-\\Updated:
Feb 18 2009 05:47PM

-\\Credit:
Mark Thomas discovered this issue.



-\\Vulnerable:
WiKID Systems WiKID Server 3.0.4
VMWare VirtualCenter Management Server  2
VMWare ESX Server 3.0.2
VMWare ESX Server 3.0.1
VMWare ESX Server  3.5
S.u.S.E. SUSE Linux Enterprise Server  10 SP2
RedHat JBoss Enterprise Application Platform 4.3 EL5
RedHat JBoss Enterprise Application Platform 4.3 EL4
RedHat JBoss Enterprise Application Platform 4.2 EL5
RedHat JBoss Enterprise Application Platform 4.2 EL4
RedHat Fedora 8  0
RedHat Fedora 7  0
RedHat Enterprise Linux Desktop Workstation  5 client
RedHat Enterprise Linux Desktop  5 client
RedHat Enterprise Linux  5 server
RedHat Developer Suite EL4  3
RedHat Application Server WS4  2
RedHat Application Server ES4  2
RedHat Application Server AS4  2
MandrakeSoft Linux Mandrake  2008.1 x86_64
MandrakeSoft Linux Mandrake  2008.1
MandrakeSoft Linux Mandrake  2008.0 x86_64
MandrakeSoft Linux Mandrake  2008.0
Gentoo www-servers/tomcat 6.0.15
Gentoo www-servers/tomcat 6.0.14
Gentoo www-servers/tomcat 6.0.13
Gentoo www-servers/tomcat 6.0.12
Gentoo www-servers/tomcat 6.0.11
Gentoo www-servers/tomcat 6.0.10
Gentoo www-servers/tomcat 6.0.9
Gentoo www-servers/tomcat 6.0.8
Gentoo www-servers/tomcat 6.0.7
Gentoo www-servers/tomcat 6.0.6
Gentoo www-servers/tomcat 6.0.5
Gentoo www-servers/tomcat 6.0.4
Gentoo www-servers/tomcat 6.0.3
Gentoo www-servers/tomcat 6.0.2
Gentoo www-servers/tomcat 6.0.1
Gentoo www-servers/tomcat 6.0
Debian Linux  4.0 sparc
Debian Linux  4.0 s/390
Debian Linux  4.0 powerpc
Debian Linux  4.0 mipsel
Debian Linux  4.0 mips
Debian Linux  4.0 m68k
Debian Linux  4.0 ia-64
Debian Linux  4.0 ia-32
Debian Linux  4.0 hppa
Debian Linux  4.0 arm
Debian Linux  4.0 amd64
Debian Linux  4.0 alpha
Debian Linux  4.0
Avaya Meeting Exchange - Enterprise Edition  
Avaya Meeting Exchange 5.0.0.52
Avaya Meeting Exchange  5.0
Avaya AES 4.2.1
Avaya AES 4.0.1
Avaya AES 3.1.6
Avaya AES 3.1.5
Avaya AES 3.1.4
Avaya AES 3.1.3
Avaya AES  4.2
Avaya AES  4.1
Avaya AES  4.0
Avaya AES  3.1
Avaya AES  3.0
Apple Mac OS X Server 10.5.5
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5.25
Apache Software Foundation Tomcat 5.5.24
Apache Software Foundation Tomcat 5.5.23
Apache Software Foundation Tomcat 5.5.22
Apache Software Foundation Tomcat 5.5.21
Apache Software Foundation Tomcat 5.5.20
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Tomcat 5.5.19
Apache Software Foundation Tomcat 5.5.18
Apache Software Foundation Tomcat 5.5.17
Apache Software Foundation Tomcat 5.5.16
Apache Software Foundation Tomcat 5.5.15
Apache Software Foundation Tomcat 5.5.14
Apache Software Foundation Tomcat 5.5.13
Apache Software Foundation Tomcat 5.5.12
Apache Software Foundation Tomcat 5.5.11
Apache Software Foundation Tomcat 5.5.10
Apache Software Foundation Tomcat 5.5.9



-\\Not Vulnerable:
WiKID Systems WiKID Server 3.0.5



-\\Discussion
Apache Tomcat is prone to a vulnerability that can allow third-party web applications to write files to arbitrary locations with the privileges of Tomcat.

This issue stems from an inadequate default security policy.

Attackers can leverage this issue to write or overwrite arbitrary log file data in unauthorized locations.

Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 are vulnerable.



-\\Exploit(s)/PoC(s):
Exploiting this issue requires that attackers install/execute Java web applications in the vulnerable Tomcat server.



-\\Solution
The vendor released a patch to address this issue. Please see the references for more information.


MandrakeSoft Linux Mandrake  2008.0 x86_64
--Mandriva  tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/

MandrakeSoft Linux Mandrake  2008.0
--Mandriva  tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
--Mandriva  tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/

Apple Mac OS X Server 10.5.5
--Apple  SecUpdSrvr2008-007.dmg
http://www.apple.com/support/downloads/securityupdate2008007serverleopard.html

Apache Software Foundation Tomcat 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 6.0, 6.0.1, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.11, 6.0.12, 6.0.14, 6.0.15
--Apache Software Foundation  Diff of /tomcat/trunk/conf/catalina.policy 2007/12/23 19:22:18 606594
http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?r1=606594&r2=606593&pathrev=606594&view=patch



-\\Reference(s)
--Release Name: 3.0.5
https://sourceforge.net/project/shownotes.php?release_id=626903&group_id=14477  (WiKID Systems)
--Revision 606594
http://svn.apache.org/viewvc?view=rev&revision=60659  (Apache Software Foundation)
--Tomcat Homepage
http://jakarta.apache.org/tomcat  (Apache Software Foundation)
--[CVE-2007-5342] Apache Tomcat's default security policy is too open
http://www.securityfocus.com/archive/1/48548  (Mark Thomas)
--ASA-2008-401 - tomcat security update (RHSA-2008-0862)
http://support.avaya.com/elmodocs2/security/ASA-2008-401.ht  (Avaya)
--RHSA-2008:0042-4 - tomcat security update
https://rhn.redhat.com/errata/RHSA-2008-0042.htm  (Red Hat)
--RHSA-2008:0195-5 tomcat security update
http://rhn.redhat.com/errata/RHSA-2008-0195.htm  (Red Hat)