oss-sec mailing list archives
Cve request: tomcat world-readable logdir
From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 13:59:07 +0100
Hello, Tomcat 7 have a world readable log/logdir: drwxr-xr-x 2 ago ago 4096 Feb 22 13:50 . drwxr-xr-x 8 root root 4096 Feb 22 13:50 .. -rw-r--r-- 1 ago ago 5919 Feb 22 13:51 catalina.2013-02-22.log -rw-r--r-- 1 ago ago 0 Feb 22 13:50 host-manager.2013-02-22.log -rw-r--r-- 1 ago ago 0 Feb 22 13:50 localhost.2013-02-22.log -rw-r--r-- 1 ago ago 0 Feb 22 13:50 localhost_access_log.2013-02-22.txt -rw-r--r-- 1 ago ago 0 Feb 22 13:50 manager.2013-02-22.log I'd like to have a confirm on what is the behavior on the other distros because it could be gentoo-related. -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- Cve request: tomcat world-readable logdir Agostino Sarubbo (Feb 22)
- Re: Cve request: tomcat world-readable logdir Kurt Seifried (Feb 22)