CVE-2013-0346Apache Tomcat vulnerability

CWE-2645 documents5 sources
Severity
2.1LOWNVD
EPSS
0.6%
top 29.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedFeb 15
Latest updateMay 5

Description

Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat51 versions+50

🔴Vulnerability Details

2
GHSA
GHSA-79m3-w93m-vjpg: ** DISPUTED ** Apache Tomcat 72022-05-05
CVEList
CVE-2013-0346: Apache Tomcat 72014-02-15

📋Vendor Advisories

1
Red Hat
tomcat: World-readable log directory2013-02-22

💬Community

1
Bugzilla
CVE-2013-0346 tomcat: World-readable log directory2013-03-22
CVE-2013-0346 — Apache Tomcat vulnerability | cvebase