Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2013-0346

CVE information

Published

8 years ago

Last Modified

8 years ago

CVSSv2.0 Severity

Low

Impact Analysis

Description

** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information.".

CVSSv2.0 Score

Severity
Low
Base Score
2.1/10
Exploit Score
3.9/10
Access Vector
Local
Access Complexity
Low
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.49:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.48:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.50:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.47:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*
  Yes
- -