oss-sec mailing list archives
Re: Cve request: tomcat world-readable logdir
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 22 Feb 2013 22:47:47 -0700
On 02/22/2013 05:59 AM, Agostino Sarubbo wrote:
> Hello,
>
> Tomcat 7 has a world-readable log/logdir:
>
> drwxr-xr-x 2 ago  ago  4096 Feb 22 13:50 .
> drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..
> -rw-r--r-- 1 ago  ago  5919 Feb 22 13:51 catalina.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 host-manager.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost.2013-02-22.log
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 localhost_access_log.2013-02-22.txt
> -rw-r--r-- 1 ago  ago     0 Feb 22 13:50 manager.2013-02-22.log
>
> I'd like to have confirmation of what the behavior is on the other
> distros because it could be Gentoo-related.

Please use CVE-2013-0346 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993