Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2007-5342

Published: Dec 27, 2007 | Modified: Apr 09, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-5342
CWEhttps://cwe.mitre.org/data/definitions/264.html

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.

Affected Software

NameVendorStart VersionEnd Version
TomcatApache5.5.9 (including)5.5.9 (including)
TomcatApache5.5.10 (including)5.5.10 (including)
TomcatApache5.5.11 (including)5.5.11 (including)
TomcatApache5.5.12 (including)5.5.12 (including)
TomcatApache5.5.13 (including)5.5.13 (including)
TomcatApache5.5.14 (including)5.5.14 (including)
TomcatApache5.5.15 (including)5.5.15 (including)
TomcatApache5.5.16 (including)5.5.16 (including)
TomcatApache5.5.17 (including)5.5.17 (including)
TomcatApache5.5.18 (including)5.5.18 (including)
TomcatApache5.5.19 (including)5.5.19 (including)
TomcatApache5.5.20 (including)5.5.20 (including)
TomcatApache5.5.21 (including)5.5.21 (including)
TomcatApache5.5.22 (including)5.5.22 (including)
TomcatApache5.5.23 (including)5.5.23 (including)
TomcatApache5.5.24 (including)5.5.24 (including)
TomcatApache5.5.25 (including)5.5.25 (including)
TomcatApache6.0 (including)6.0 (including)
TomcatApache6.0.1 (including)6.0.1 (including)
TomcatApache6.0.2 (including)6.0.2 (including)
TomcatApache6.0.3 (including)6.0.3 (including)
TomcatApache6.0.4 (including)6.0.4 (including)
TomcatApache6.0.5 (including)6.0.5 (including)
TomcatApache6.0.6 (including)6.0.6 (including)
TomcatApache6.0.7 (including)6.0.7 (including)
TomcatApache6.0.8 (including)6.0.8 (including)
TomcatApache6.0.9 (including)6.0.9 (including)
TomcatApache6.0.10 (including)6.0.10 (including)
TomcatApache6.0.11 (including)6.0.11 (including)
TomcatApache6.0.12 (including)6.0.12 (including)
TomcatApache6.0.13 (including)6.0.13 (including)
TomcatApache6.0.14 (including)6.0.14 (including)
TomcatApache6.0.15 (including)6.0.15 (including)
JBEAP 4.2.0 for RHEL 4RedHatglassfish-javamail-0:1.4.0-0jpp.ep1.10.el4*
JBEAP 4.2.0 for RHEL 4RedHathibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4*
JBEAP 4.2.0 for RHEL 4RedHathibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4*
JBEAP 4.2.0 for RHEL 4RedHathibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4*
JBEAP 4.2.0 for RHEL 4RedHatjboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4*
JBEAP 4.2.0 for RHEL 4RedHatjbossas-0:4.2.0-3.GA_CP04.ep1.8.el4*
JBEAP 4.2.0 for RHEL 4RedHatjboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4*
JBEAP 4.2.0 for RHEL 4RedHatjboss-seam-0:1.2.1-1.ep1.10.el4*
JBEAP 4.2.0 for RHEL 4RedHatjbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4*
JBEAP 4.2.0 for RHEL 4RedHatjbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4*
JBEAP 4.2.0 for RHEL 4RedHatrh-eap-docs-0:4.2.0-4.GA_CP04.ep1.5.el4*
JBEAP 4.2.0 for RHEL 5RedHathibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5*
JBEAP 4.2.0 for RHEL 5RedHathibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1*
JBEAP 4.2.0 for RHEL 5RedHatjboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5*
JBEAP 4.2.0 for RHEL 5RedHatjbossas-0:4.2.0-4.GA_CP04.ep1.7.el5.6*
JBEAP 4.2.0 for RHEL 5RedHatjboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5*
JBEAP 4.2.0 for RHEL 5RedHatjboss-seam-0:1.2.1-1.ep1.9.el5*
JBEAP 4.2.0 for RHEL 5RedHatjbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5*
JBEAP 4.2.0 for RHEL 5RedHatjbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5*
JBEAP 4.2.0 for RHEL 5RedHatrh-eap-docs-0:4.2.0-4.GA_CP04.ep1.3.el5*
Red Hat Developer Suite V.3RedHattomcat5-0:5.5.23-0jpp_11rh*
Red Hat Enterprise Linux 5RedHattomcat5-0:5.5.23-0jpp.3.0.3.el5_1*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatglassfish-javamail-0:1.4.0-0jpp.ep1.10.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatglassfish-jaxb-0:2.1.4-1jpp.ep1.2.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatglassfish-jaxws-0:2.1.1-1jpp.ep1.3.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHathibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHathibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHathibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjavassist-0:3.8.0-1.ep1.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjbossas-0:4.3.0-2.GA_CP02.ep1.10.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatjbossws-framework-0:2.0.1-0jpp.ep1.11.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4RedHatrh-eap-docs-0:4.3.0-3.GA_CP02.ep1.9.el4*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatglassfish-jaf-0:1.1.0-0jpp.ep1.12.el5.1*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatglassfish-javamail-0:1.4.0-0jpp.ep1.10.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatglassfish-jaxb-0:2.1.4-1jpp.ep1.4.el5.2*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatglassfish-jaxws-0:2.1.1-1jpp.ep1.3.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatglassfish-jstl-0:1.2.0-0jpp.ep1.10.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHathibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHathibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHathibernate3-commons-annotations-0:0.0.0-1.1jpp.ep1.1.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHathibernate3-entitymanager-0:3.2.1-2.GA_CP03.1jpp.ep1.9.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHathibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjavassist-0:3.8.0-1jpp.ep1.2.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjbossas-0:4.3.0-2.GA_CP02.ep1.10.el5.2*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjboss-jaxr-0:1.2.0-SP1.0jpp.ep1.4.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el5.1*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el5.1*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjbossws-framework-0:2.0.1-0jpp.ep1.11.el5*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatjbossxb-0:1.0.0-2.SP3.0jpp.ep1.3.el5.1*
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5RedHatrh-eap-docs-0:4.3.0-2.GA_CP02.ep1.6.el5*
RHAPS Version 2 for RHEL 4RedHattomcat5-0:5.5.23-0jpp_4rh.9*
Tomcat5.5Ubuntudevel*
Tomcat5.5Ubuntuedgy*
Tomcat5.5Ubuntufeisty*
Tomcat5.5Ubuntugutsy*
Tomcat5.5Ubuntuhardy*
Tomcat5.5Ubuntuintrepid*

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use