List: oss-security
Subject: Re: [oss-security] Cve request: tomcat world-readable logdir
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2013-02-23 5:47:47
Message-ID: 51285803.3040403 () redhat ! com
On 02/22/2013 05:59 AM, Agostino Sarubbo wrote:
> Hello,
>
> Tomcat 7 has a world-readable log/logdir:
>
> drwxr-xr-x 2 ago ago 4096 Feb 22 13:50 .
> drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..
> -rw-r--r-- 1 ago ago 5919 Feb 22 13:51 catalina.2013-02-22.log
> -rw-r--r-- 1 ago ago 0 Feb 22 13:50 host-manager.2013-02-22.log
> -rw-r--r-- 1 ago ago 0 Feb 22 13:50 localhost.2013-02-22.log
> -rw-r--r-- 1 ago ago 0 Feb 22 13:50 localhost_access_log.2013-02-22.txt
> -rw-r--r-- 1 ago ago 0 Feb 22 13:50 manager.2013-02-22.log
>
> I'd like to have confirmation of the behavior on the other
> distros, because it could be Gentoo-related.
Please use CVE-2013-0346 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
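
A check for the condition reported in this thread, as an added example that is not part of either message and is not Tomcat's or any distribution's own tooling. The function names and the demo directory are constructed for illustration; pass the real logs directory of the installation being audited.

```shell
#!/bin/sh
# Added example: audit a Tomcat-style log directory for "other" access bits.
# Function names and the demo layout below are hypothetical/constructed.

# Print every entry at depth <= 1 that users outside owner/group can reach:
# directories that are world-readable or world-searchable, and regular
# files that are world-readable (the drwxr-xr-x / -rw-r--r-- case).
audit_logdir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    find "$dir" -maxdepth 1 \
        \( -type d \( -perm -004 -o -perm -001 \) \
           -o -type f -perm -004 \) -print
}

# Number of findings, as a bare integer.
count_findings() {
    audit_logdir "$1" | wc -l | tr -d ' '
}

# Strip all "other" permission bits from the directory and its direct
# children. Owner and group bits are left untouched.
harden_logdir() {
    dir=$1
    [ -d "$dir" ] || return 2
    find "$dir" -maxdepth 1 \( -type d -o -type f \) -exec chmod o-rwx {} +
}

# Constructed demo: recreate the modes from the listing in a temp dir.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/logs"
    : > "$tmp/logs/catalina.2013-02-22.log"
    : > "$tmp/logs/localhost_access_log.2013-02-22.txt"
    chmod 755 "$tmp/logs"
    chmod 644 "$tmp/logs"/*
    echo "before: $(count_findings "$tmp/logs") finding(s)"
    harden_logdir "$tmp/logs"
    echo "after:  $(count_findings "$tmp/logs") finding(s)"
    rm -rf "$tmp"
}

demo
```

The `chmod` pass only fixes files that already exist; files the server creates later take their mode from the umask of the process that writes them.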