List:       oss-security
Subject:    Re: [oss-security] Cve request: tomcat world-readable logdir
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-02-23 5:47:47
Message-ID: 51285803.3040403 () redhat ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/22/2013 05:59 AM, Agostino Sarubbo wrote:
> Hello,
> 
> Tomcat 7 has a world-readable log/logdir:
> 
> drwxr-xr-x 2 ago  ago  4096 Feb 22 13:50 .
> drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..
> -rw-r--r-- 1 ago  ago  5919 Feb 22 13:51 catalina.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 host-manager.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost_access_log.2013-02-22.txt
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 manager.2013-02-22.log
> 
> I'd like to have confirmation of what the behavior is on the other
> distros, because it could be Gentoo-related.

Please use CVE-2013-0346 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
