Oracle Solaris Third-Party Patch Update : tomcat (cve_2013_0346_permissions_privileges)
Low Nessus Plugin ID 80795
SynopsisThe remote Solaris system is missing a security patch for third-party software.
DescriptionThe remote Solaris system is missing necessary patches to address security updates :
- ** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated 'The tomcat log directory does not contain any sensitive information.' (CVE-2013-0346)
SolutionUpgrade to Solaris 11.2.