Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Tomcat 权限许可和访问控制问题漏洞
Vulnerability Description
Apache Tomcat是美国Apache基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。ecto是elixir-ecto开源的一个用于数据映射和语言集成查询的工具包。 Apache Tomcat存在权限许可和访问控制问题漏洞。本地攻击者利用该漏洞获得访问到全局可读的日志文件权限进而从中提取敏感信息,信息的获得有助于其他攻击。
CVSS Information
N/A
Vulnerability Type
N/A