CVE-2007-5342
permissions vulnerability in tomcat-juli (Maven)

permissions No known exploit

What is CVE-2007-5342 About?

This vulnerability in the default 'catalina.policy' for Apache Tomcat's JULI logging component allows web applications to modify logging configurations and overwrite arbitrary files. This can lead to system compromise and data destruction. Exploitation is possible because the policy places insufficient restrictions on web application permissions.

Affected Software

  • org.apache.tomcat:tomcat-juli
    • >5.5.9, <=5.5.25
    • >6.0.0, <=6.0.15

Technical Details

The vulnerability lies in the default catalina.policy configuration within the JULI logging component of Apache Tomcat versions 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15. This policy fails to adequately restrict certain permissions granted to web applications. Specifically, web applications are permitted to modify logging configuration options for the org.apache.juli.FileHandler, including attributes like 'level', 'directory', and 'prefix'. By modifying these attributes, a malicious web application can specify an arbitrary directory and file prefix for log files, effectively causing Tomcat to write log data to any location on the file system. This can lead to arbitrary file overwrite, which can then be leveraged for privilege escalation or remote code execution by overwriting configuration files or executables.
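A defender-side check for the behaviour described above, as an added example that is not from the original page or the Tomcat project: it reads a web application's logging configuration and reports every org.apache.juli.FileHandler whose 'directory' and 'prefix' resolve to a path outside the Tomcat logs directory. The `/opt/tomcat` base path, the `DATE.log` file-name stand-in, the fallback defaults and the handling of relative directories are assumptions, and the sample input is constructed.

```python
import posixpath
import re

# Keys like "org.apache.juli.FileHandler.directory" or, with a JULI handler
# prefix, "1app.org.apache.juli.FileHandler.prefix".
KEY_RE = re.compile(
    r"^((?:\d+[^.]*\.)?org\.apache\.juli\.FileHandler)\.(directory|prefix)$")
LINE_RE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")

# Constructed sample of a web application's logging.properties (not a real app).
SAMPLE = """\
handlers = 1app.org.apache.juli.FileHandler, 2x.org.apache.juli.FileHandler
1app.org.apache.juli.FileHandler.level = FINE
1app.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1app.org.apache.juli.FileHandler.prefix = app.
2x.org.apache.juli.FileHandler.directory = /tmp/outside
2x.org.apache.juli.FileHandler.prefix = x.
3y.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
3y.org.apache.juli.FileHandler.prefix = ../outside/y.
"""


def audit_logging_properties(text, catalina_base="/opt/tomcat"):
    """Return [(handler, resolved_path)] for FileHandlers writing outside logs/."""
    allowed = posixpath.normpath(posixpath.join(catalina_base, "logs"))
    handlers = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        k = KEY_RE.match(m.group(1)) if m else None  # comments never match KEY_RE
        if k:
            handlers.setdefault(k.group(1), {})[k.group(2)] = m.group(2).strip()
    findings = []
    for name, attrs in sorted(handlers.items()):
        # Assumed defaults when a key is absent: directory "logs", prefix "juli."
        directory = attrs.get("directory", "logs").replace("${catalina.base}", catalina_base)
        prefix = attrs.get("prefix", "juli.").replace("${catalina.base}", catalina_base)
        # Assumption: a relative directory is taken relative to catalina_base.
        base = posixpath.join(catalina_base, directory)
        # The prefix becomes part of the file name, so "../" in it also escapes.
        target = posixpath.normpath(base + "/" + prefix + "DATE.log")
        if "${" in target or not target.startswith(allowed + "/"):
            findings.append((name, target))
    return findings


if __name__ == "__main__":
    for handler, path in audit_logging_properties(SAMPLE):
        print(f"outside log directory: {handler} -> {path}")
```

Any unexpanded `${...}` variable is reported as a finding rather than guessed, so the output errs toward manual review.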

What is the Impact of CVE-2007-5342?

Successful exploitation may allow attackers to modify logging configurations and overwrite arbitrary files on the server, leading to privilege escalation, arbitrary code execution, or denial of service.

What is the Exploitability of CVE-2007-5342?

Exploitation complexity is moderate, requiring the attacker to deploy a malicious web application or compromise an existing one to gain control over its permissions. Authentication to deploy or compromise a web application is a prerequisite. This is typically a local vulnerability from the perspective of the web application, though deploying the application can be remote. The attacker would operate with the privileges granted to the web application. The primary risk factor is running vulnerable versions of Apache Tomcat with the default catalina.policy without adequate restrictions on web application permissions, especially concerning logging configuration facilities.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2007-5342?

Available Upgrade Options

  • No fixes available

What are Similar Vulnerabilities to CVE-2007-5342?

Similar Vulnerabilities: CVE-2016-8745, CVE-2017-5647, CVE-2018-1304, CVE-2019-0232, CVE-2020-13935