CVE-2013-0346
Apache Tomcat 7.x - Information Disclosure via World-Readable Log Directory
Title source: llmDescription
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
References (2)
Core 2
Core References
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=924841
Mailing List mailing-list
http://www.openwall.com/lists/oss-security/2013/02/23/5
Scores
EPSS
0.0064
EPSS Percentile
70.8%
Details
CWE
CWE-264
Status
published
Products (47)
apache/tomcat
7.0.0 (2 CPE variants)
apache/tomcat
7.0.1
apache/tomcat
7.0.2 (2 CPE variants)
apache/tomcat
7.0.3
apache/tomcat
7.0.4 (2 CPE variants)
apache/tomcat
7.0.5
apache/tomcat
7.0.6
apache/tomcat
7.0.7
apache/tomcat
7.0.8
apache/tomcat
7.0.9
... and 37 more
Published
Feb 15, 2014
Tracked Since
Feb 18, 2026