Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
BID:58124
Info
Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| Bugtraq ID: | 58124 |
| Class: | Design Error |
| CVE: |
CVE-2013-0346 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 22 2013 12:00AM |
| Updated: | Aug 01 2014 12:51PM |
| Credit: | Agostino Sarubbo |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
Apache Tomcat is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
Apache Tomcat is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
Exploit / POC
Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
Attackers can use readily available tools and standard commands to exploit this issue.
Attackers can use readily available tools and standard commands to exploit this issue.
Solution / Fix
Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
References:
References:
- Apache Tomcat Homepage (Apache)