oss-sec mailing list archives

CVE request: tomcat world-readable logdir


From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 13:59:07 +0100

Hello,

Tomcat 7 has a world-readable log/logdir:

drwxr-xr-x 2 ago  ago  4096 Feb 22 13:50 .
drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..
-rw-r--r-- 1 ago  ago  5919 Feb 22 13:51 catalina.2013-02-22.log
-rw-r--r-- 1 ago  ago     0 Feb 22 13:50 host-manager.2013-02-22.log
-rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost.2013-02-22.log
-rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost_access_log.2013-02-22.txt
-rw-r--r-- 1 ago  ago     0 Feb 22 13:50 manager.2013-02-22.log

I'd like to have confirmation of what the behavior is on the other distros,
because it could be Gentoo-related.
-- 
Agostino Sarubbo
Gentoo Linux Developer
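
A check that can be run against a Tomcat log directory on any distribution to see whether it shows the permissions in the listing above. This is an added example, not part of the original message; the function names are hypothetical, and the directory path is passed in by the caller because the message does not state it.

```shell
#!/bin/sh
# Added example: audit a log directory for the condition reported above.
# Mode bits are tested directly, so the result is the same when run as root.

# List regular files under $1 that have the "other read" bit set.
world_readable_logs() {
    find "$1" -type f -perm -0004 -print
}

# Succeed (0) when users outside the owner and group can list (o+r)
# or traverse (o+x) the directory $1 itself.
dir_open_to_others() {
    [ -n "$(find "$1" -prune -type d \( -perm -0004 -o -perm -0001 \) -print)" ]
}

# Print a report for directory $1.
# Returns 0 if nothing is exposed, 1 if the directory or any log file is
# open to other local users, 2 if $1 is not a directory.
audit_logdir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    status=0
    if dir_open_to_others "$dir"; then
        echo "directory open to other users: $(ls -ld "$dir")"
        status=1
    fi
    logs=$(world_readable_logs "$dir")
    if [ -n "$logs" ]; then
        echo "world-readable log files:"
        echo "$logs" | sed 's/^/  /'
        status=1
    fi
    return $status
}
```

Source the file and call `audit_logdir` with the log directory of the installation being checked; a return status of 1 corresponds to the `drwxr-xr-x` / `-rw-r--r--` modes shown in the listing.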

