{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2007-5342","title":"Title"},{"category":"description","text":"The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2007-5342","url":"https://www.suse.com/security/cve/CVE-2007-5342"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 350653 for CVE-2007-5342","url":"https://bugzilla.suse.com/350653"},{"category":"external","summary":"SUSE Bug 358544 for CVE-2007-5342","url":"https://bugzilla.suse.com/358544"},{"category":"external","summary":"SUSE Bug 427726 for CVE-2007-5342","url":"https://bugzilla.suse.com/427726"},{"category":"external","summary":"Advisory link for SUSE-SR:2009:004","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N"}],"title":"SUSE CVE CVE-2007-5342","tracking":{"current_release_date":"2023-12-09T03:40:02Z","generator":{"date":"2023-02-15T06:10:35Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2007-5342","initial_release_date":"2023-02-15T06:10:35Z","revision_history":[{"date":"2023-02-15T06:10:35Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:17:58Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:40:02Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}