4.2 - CVE-2009-0783

Executive Summary

Informations
Name	CVE-2009-0783	First vendor Publication	2009-06-05
Vendor	Cve	Last vendor Modification	2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Overall CVSS Score	4.2
Base Score	4.2	Environmental Score	4.2
impact SubScore	3.4	Temporal Score	4.2
Exploitabality Sub Score	0.8

Attack Vector	Local	Attack Complexity	Low
Privileges Required	High	User Interaction	None
Scope	Unchanged	Confidentiality Impact	Low
Integrity Impact	Low	Availability Impact	Low
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	4.6	Attack Range	Local
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-200	Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10716

Oval ID:	oval:org.mitre.oval:def:10716
Title:	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Description:	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0783	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5 is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2

Definition Id: oval:org.mitre.oval:def:13787

Oval ID:	oval:org.mitre.oval:def:13787
Title:	USN-788-1 -- tomcat6 vulnerabilities
Description:	Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. Yoshihito Fukuyama discovered that Tomcat did not properly handle errors when the Java AJP connector and mod_jk load balancing are used. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a temporary denial of service. D. Matscheko and T. Hackner discovered that Tomcat did not properly handle malformed URL encoding of passwords when FORM authentication is used. A remote attacker could exploit this in order to enumerate valid usernames. Deniz Cevik discovered that Tomcat did not properly escape certain parameters in the example calendar application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Philippe Prados discovered that Tomcat allowed web applications to replace the XML parser used by other web applications. Local users could exploit this to bypass security restrictions and gain access to certain sensitive files
Family:	unix	Class:	patch
Reference(s):	USN-788-1 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 9.04	Product(s):	tomcat6
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Installed architecture is all AND Packages section libservlet2.5-java DPKG is earlier than 6.0.18-0ubuntu3.2 AND libtomcat6-java DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-docs DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6 DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-admin DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-common DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-user DPKG is earlier than 6.0.18-0ubuntu3.2 AND tomcat6-examples DPKG is earlier than 6.0.18-0ubuntu3.2 OR Release section Ubuntu 9.04 is installed AND Installed architecture is all AND Packages section libservlet2.5-java DPKG is earlier than 6.0.18-0ubuntu6.1 AND libtomcat6-java DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-docs DPKG is earlier than 6.0.18-0ubuntu6.1 AND libservlet2.5-java-doc DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6 DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-admin DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-common DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-user DPKG is earlier than 6.0.18-0ubuntu6.1 AND tomcat6-examples DPKG is earlier than 6.0.18-0ubuntu6.1

Definition Id: oval:org.mitre.oval:def:18913

Oval ID:	oval:org.mitre.oval:def:18913
Title:	HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
Description:	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0783	Version:	11
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
platforms HP Release B.11.23 AND HP-UX B.11.31 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.36.01

Definition Id: oval:org.mitre.oval:def:22721

Oval ID:	oval:org.mitre.oval:def:22721
Title:	ELSA-2009:1164: tomcat security update (Important)
Description:	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1164-01 CVE-2007-5333 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783	Version:	29
Platform(s):	Oracle Linux 5	Product(s):	tomcat5
Definition Synopsis:
Oracle Linux 5.x rpm test tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5 is earlier than 0:5.5.23-0jpp.7.el5_3.2

Definition Id: oval:org.mitre.oval:def:29179

Oval ID:	oval:org.mitre.oval:def:29179
Title:	RHSA-2009:1164 -- tomcat security update (Important)
Description:	Updated tomcat packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1164 CESA-2009:1164-CentOS 5 CVE-2007-5333 CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	tomcat5
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section tomcat5 is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 AND tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_3.2

Definition Id: oval:org.mitre.oval:def:6450

Oval ID:	oval:org.mitre.oval:def:6450
Title:	HP-UX Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Unauthorized Access
Description:	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0783	Version:	9
Platform(s):	HP-UX 11	Product(s):
Definition Synopsis:
Criteria meets HP Security Bulletin HPSBUX02466 HP Release B.11.23 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.27.03 OR Criteria meets HP Security Bulletin HPSBUX02466 HP Release B.11.11 AND hpuxwsTOMCAT.TOMCAT version is less than B.5.5.27.03 OR Criteria meets HP Security Bulletin HPSBUX02466 HP-UX B.11.31 AND hpuxws22TOMCAT.TOMCAT version is less than B.5.5.27.03

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Tomcat cpe:2.3:a:apache:tomcat:6.0.9:::::::* cpe:2.3:a:apache:tomcat:6.0.9:beta:::::: cpe:2.3:a:apache:tomcat:6.0.8:::::::* cpe:2.3:a:apache:tomcat:6.0.8:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.7:::::::* cpe:2.3:a:apache:tomcat:6.0.7:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.7:beta:::::: cpe:2.3:a:apache:tomcat:6.0.6:::::::* cpe:2.3:a:apache:tomcat:6.0.6:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.5:::::::* cpe:2.3:a:apache:tomcat:6.0.4:::::::* cpe:2.3:a:apache:tomcat:6.0.4:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.3:::::::* cpe:2.3:a:apache:tomcat:6.0.2:::::::* cpe:2.3:a:apache:tomcat:6.0.2:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.2:beta:::::: cpe:2.3:a:apache:tomcat:6.0.18:::::::* cpe:2.3:a:apache:tomcat:6.0.17:::::::* cpe:2.3:a:apache:tomcat:6.0.16:::::::* cpe:2.3:a:apache:tomcat:6.0.15:::::::* cpe:2.3:a:apache:tomcat:6.0.14:::::::* cpe:2.3:a:apache:tomcat:6.0.13:::::::* cpe:2.3:a:apache:tomcat:6.0.12:::::::* cpe:2.3:a:apache:tomcat:6.0.11:::::::* cpe:2.3:a:apache:tomcat:6.0.10:::::::* cpe:2.3:a:apache:tomcat:6.0.1:::::::* cpe:2.3:a:apache:tomcat:6.0.1:alpha:::::: cpe:2.3:a:apache:tomcat:6.0.0:::::::* cpe:2.3:a:apache:tomcat:6.0.0:alpha:::::: cpe:2.3:a:apache:tomcat:6.0:::::::* cpe:2.3:a:apache:tomcat:6:::::::* cpe:2.3:a:apache:tomcat:5.5.9:::::::* cpe:2.3:a:apache:tomcat:5.5.8:::::::* cpe:2.3:a:apache:tomcat:5.5.7:::::::* cpe:2.3:a:apache:tomcat:5.5.6:::::::* cpe:2.3:a:apache:tomcat:5.5.5:::::::* cpe:2.3:a:apache:tomcat:5.5.4:::::::* cpe:2.3:a:apache:tomcat:5.5.35:::::::* cpe:2.3:a:apache:tomcat:5.5.34:::::::* cpe:2.3:a:apache:tomcat:5.5.33:::::::* cpe:2.3:a:apache:tomcat:5.5.32:::::::* cpe:2.3:a:apache:tomcat:5.5.31:::::::* cpe:2.3:a:apache:tomcat:5.5.30:::::::* cpe:2.3:a:apache:tomcat:5.5.3:::::::* cpe:2.3:a:apache:tomcat:5.5.29:::::::* cpe:2.3:a:apache:tomcat:5.5.28:::::::* cpe:2.3:a:apache:tomcat:5.5.27:::::::* cpe:2.3:a:apache:tomcat:5.5.26:::::::* cpe:2.3:a:apache:tomcat:5.5.25:::::::* cpe:2.3:a:apache:tomcat:5.5.24:::::::* cpe:2.3:a:apache:tomcat:5.5.23:::::::* cpe:2.3:a:apache:tomcat:5.5.22:::::::* cpe:2.3:a:apache:tomcat:5.5.21:::::::* cpe:2.3:a:apache:tomcat:5.5.20:::::::* cpe:2.3:a:apache:tomcat:5.5.2:::::::* cpe:2.3:a:apache:tomcat:5.5.19:::::::* cpe:2.3:a:apache:tomcat:5.5.18:::::::* cpe:2.3:a:apache:tomcat:5.5.17:::::::* cpe:2.3:a:apache:tomcat:5.5.16:::::::* cpe:2.3:a:apache:tomcat:5.5.15:::::::* cpe:2.3:a:apache:tomcat:5.5.14:::::::* cpe:2.3:a:apache:tomcat:5.5.13:::::::* cpe:2.3:a:apache:tomcat:5.5.12:::::::* cpe:2.3:a:apache:tomcat:5.5.11:::::::* cpe:2.3:a:apache:tomcat:5.5.10:::::::* cpe:2.3:a:apache:tomcat:5.5.1:::::::* cpe:2.3:a:apache:tomcat:5.5.0:::::::* cpe:2.3:a:apache:tomcat:5.0.9:::::::* cpe:2.3:a:apache:tomcat:5.0.8:::::::* cpe:2.3:a:apache:tomcat:5.0.7:::::::* cpe:2.3:a:apache:tomcat:5.0.6:::::::* cpe:2.3:a:apache:tomcat:5.0.5:::::::* cpe:2.3:a:apache:tomcat:5.0.4:::::::* cpe:2.3:a:apache:tomcat:5.0.30:::::::* cpe:2.3:a:apache:tomcat:5.0.3:::::::* cpe:2.3:a:apache:tomcat:5.0.29:::::::* cpe:2.3:a:apache:tomcat:5.0.28:::::::* cpe:2.3:a:apache:tomcat:5.0.27:::::::* cpe:2.3:a:apache:tomcat:5.0.26:::::::* cpe:2.3:a:apache:tomcat:5.0.25:::::::* cpe:2.3:a:apache:tomcat:5.0.24:::::::* cpe:2.3:a:apache:tomcat:5.0.23:::::::* cpe:2.3:a:apache:tomcat:5.0.22:::::::* cpe:2.3:a:apache:tomcat:5.0.21:::::::* cpe:2.3:a:apache:tomcat:5.0.2:::::::* cpe:2.3:a:apache:tomcat:5.0.19:::::::* cpe:2.3:a:apache:tomcat:5.0.18:::::::* cpe:2.3:a:apache:tomcat:5.0.17:::::::* cpe:2.3:a:apache:tomcat:5.0.16:::::::* cpe:2.3:a:apache:tomcat:5.0.15:::::::* cpe:2.3:a:apache:tomcat:5.0.14:::::::* cpe:2.3:a:apache:tomcat:5.0.13:::::::* cpe:2.3:a:apache:tomcat:5.0.12:::::::* cpe:2.3:a:apache:tomcat:5.0.11:::::::* cpe:2.3:a:apache:tomcat:5.0.10:::::::* cpe:2.3:a:apache:tomcat:5.0.1:::::::* cpe:2.3:a:apache:tomcat:5.0.0:::::::* cpe:2.3:a:apache:tomcat:5:::::::* cpe:2.3:a:apache:tomcat:4.1.9:beta:::::: cpe:2.3:a:apache:tomcat:4.1.9:::::::* cpe:2.3:a:apache:tomcat:4.1.8:::::::* cpe:2.3:a:apache:tomcat:4.1.7:::::::* cpe:2.3:a:apache:tomcat:4.1.6:::::::* cpe:2.3:a:apache:tomcat:4.1.5:::::::* cpe:2.3:a:apache:tomcat:4.1.40:::::::* cpe:2.3:a:apache:tomcat:4.1.4:::::::* cpe:2.3:a:apache:tomcat:4.1.39:::::::* cpe:2.3:a:apache:tomcat:4.1.38:::::::* cpe:2.3:a:apache:tomcat:4.1.37:::::::* cpe:2.3:a:apache:tomcat:4.1.36:::::::* cpe:2.3:a:apache:tomcat:4.1.35:::::::* cpe:2.3:a:apache:tomcat:4.1.34:::::::* cpe:2.3:a:apache:tomcat:4.1.33:::::::* cpe:2.3:a:apache:tomcat:4.1.32:::::::* cpe:2.3:a:apache:tomcat:4.1.31:::::::* cpe:2.3:a:apache:tomcat:4.1.30:::::::* cpe:2.3:a:apache:tomcat:4.1.3:::::::* cpe:2.3:a:apache:tomcat:4.1.3:beta:::::: cpe:2.3:a:apache:tomcat:4.1.29:::::::* cpe:2.3:a:apache:tomcat:4.1.29:alpha:::::: cpe:2.3:a:apache:tomcat:4.1.28:::::::* cpe:2.3:a:apache:tomcat:4.1.28:alpha:::::: cpe:2.3:a:apache:tomcat:4.1.27:::::::* cpe:2.3:a:apache:tomcat:4.1.26:::::::* cpe:2.3:a:apache:tomcat:4.1.25:::::::* cpe:2.3:a:apache:tomcat:4.1.24:::::::* cpe:2.3:a:apache:tomcat:4.1.23:::::::* cpe:2.3:a:apache:tomcat:4.1.22:::::::* cpe:2.3:a:apache:tomcat:4.1.21:::::::* cpe:2.3:a:apache:tomcat:4.1.20:::::::* cpe:2.3:a:apache:tomcat:4.1.2:::::::* cpe:2.3:a:apache:tomcat:4.1.19:::::::* cpe:2.3:a:apache:tomcat:4.1.18:::::::* cpe:2.3:a:apache:tomcat:4.1.17:::::::* cpe:2.3:a:apache:tomcat:4.1.16:::::::* cpe:2.3:a:apache:tomcat:4.1.15:::::::* cpe:2.3:a:apache:tomcat:4.1.14:::::::* cpe:2.3:a:apache:tomcat:4.1.13:::::::* cpe:2.3:a:apache:tomcat:4.1.12:::::::* cpe:2.3:a:apache:tomcat:4.1.11:::::::* cpe:2.3:a:apache:tomcat:4.1.10:::::::* cpe:2.3:a:apache:tomcat:4.1.1:::::::* cpe:2.3:a:apache:tomcat:4.1.0:::::::* cpe:2.3:a:apache:tomcat:4.0.6:::::::* cpe:2.3:a:apache:tomcat:4.0.5:::::::* cpe:2.3:a:apache:tomcat:4.0.4:::::::* cpe:2.3:a:apache:tomcat:4.0.3:::::::* cpe:2.3:a:apache:tomcat:4.0.2:::::::* cpe:2.3:a:apache:tomcat:4.0.1:::::::* cpe:2.3:a:apache:tomcat:4.0.0:::::::* cpe:2.3:a:apache:tomcat:4:::::::* cpe:2.3:a:apache:tomcat:3.3.2:::::::* cpe:2.3:a:apache:tomcat:3.3.1a:::::::* cpe:2.3:a:apache:tomcat:3.3.1:::::::* cpe:2.3:a:apache:tomcat:3.3:::::::* cpe:2.3:a:apache:tomcat:3.2.4:::::::* cpe:2.3:a:apache:tomcat:3.2.3:::::::* cpe:2.3:a:apache:tomcat:3.2.2:::::::* cpe:2.3:a:apache:tomcat:3.2.2:beta2:::::: cpe:2.3:a:apache:tomcat:3.2.1:::::::* cpe:2.3:a:apache:tomcat:3.2:::::::* cpe:2.3:a:apache:tomcat:3.1.1:::::::* cpe:2.3:a:apache:tomcat:3.1:::::::* cpe:2.3:a:apache:tomcat:3.0:::::::* cpe:2.3:a:apache:tomcat:1.1.3:::::::* cpe:2.3:a:apache:tomcat:::::::: cpe:2.3:a:apache:tomcat:-:::::::*	167

OpenVAS Exploits

Date	Description
2012-08-10	Name : Gentoo Security Advisory GLSA 201206-24 (apache tomcat) File : nvt/glsa_201206_24.nasl
2011-08-09	Name : CentOS Update for tomcat5 CESA-2009:1164 centos5 i386 File : nvt/gb_CESA-2009_1164_tomcat5_centos5_i386.nasl
2011-08-09	Name : CentOS Update for tomcat5 CESA-2010:0580 centos5 i386 File : nvt/gb_CESA-2010_0580_tomcat5_centos5_i386.nasl
2011-05-12	Name : Debian Security Advisory DSA 2207-1 (tomcat5.5) File : nvt/deb_2207_1.nasl
2011-01-04	Name : HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579 File : nvt/gb_hp_ux_HPSBUX02579.nasl
2010-09-14	Name : Mandriva Update for tomcat5 MDVSA-2010:176 (tomcat5) File : nvt/gb_mandriva_MDVSA_2010_176.nasl
2010-08-06	Name : RedHat Update for tomcat5 RHSA-2010:0580-01 File : nvt/gb_RHSA-2010_0580-01_tomcat5.nasl
2010-05-12	Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl
2009-12-03	Name : Fedora Core 12 FEDORA-2009-11352 (tomcat6) File : nvt/fcore_2009_11352.nasl
2009-12-03	Name : Fedora Core 10 FEDORA-2009-11356 (tomcat6) File : nvt/fcore_2009_11356.nasl
2009-12-03	Name : Fedora Core 11 FEDORA-2009-11374 (tomcat6) File : nvt/fcore_2009_11374.nasl
2009-11-11	Name : RedHat Security Advisory RHSA-2009:1562 File : nvt/RHSA_2009_1562.nasl
2009-11-11	Name : RedHat Security Advisory RHSA-2009:1563 File : nvt/RHSA_2009_1563.nasl
2009-10-22	Name : HP-UX Update for Tomcat Servlet Engine HPSBUX02466 File : nvt/gb_hp_ux_HPSBUX02466.nasl
2009-10-13	Name : SLES10: Security update for Tomcat 5 File : nvt/sles10_tomcat52.nasl
2009-10-10	Name : SLES9: Security update for Tomcat File : nvt/sles9p5055024.nasl
2009-08-17	Name : Mandrake Security Advisory MDVSA-2009:163 (tomcat5) File : nvt/mdksa_2009_163.nasl
2009-08-17	Name : CentOS Security Advisory CESA-2009:1164 (tomcat) File : nvt/ovcesa2009_1164.nasl
2009-07-29	Name : RedHat Security Advisory RHSA-2009:1164 File : nvt/RHSA_2009_1164.nasl
2009-07-06	Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl
2009-06-30	Name : Mandrake Security Advisory MDVSA-2009:136 (tomcat5) File : nvt/mdksa_2009_136.nasl
2009-06-30	Name : Mandrake Security Advisory MDVSA-2009:138 (tomcat5) File : nvt/mdksa_2009_138.nasl
2009-06-30	Name : Ubuntu USN-789-1 (gst-plugins-good0.10) File : nvt/ubuntu_789_1.nasl
2009-06-23	Name : Ubuntu USN-788-1 (tomcat6) File : nvt/ubuntu_788_1.nasl
2009-06-16	Name : Apache Tomcat Multiple Vulnerabilities June-09 File : nvt/gb_apache_tomcat_mult_vuln_jun09.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
55056	Apache Tomcat Cross-application TLD File Manipulation

Nessus® Vulnerability Scanner

Date	Description
2016-03-03	Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1146.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1145.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1144.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1143.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100802_tomcat5_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090723_tomcat_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-24.nasl - Type : ACT_GATHER_INFO
2011-03-30	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2207.nasl - Type : ACT_GATHER_INFO
2010-09-13	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-176.nasl - Type : ACT_GATHER_INFO
2010-08-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-08-03	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0580.nasl - Type : ACT_GATHER_INFO
2010-05-28	Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_form_user_enum.nasl - Type : ACT_GATHER_INFO
2010-03-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO
2010-03-29	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-1617.nasl - Type : ACT_GATHER_INFO
2010-01-10	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1616.nasl - Type : ACT_GATHER_INFO
2010-01-06	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote Fedora host is missing a security update. File : fedora_2009-11356.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote Fedora host is missing a security update. File : fedora_2009-11374.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote Fedora host is missing a security update. File : fedora_2009-11352.nasl - Type : ACT_GATHER_INFO
2009-11-23	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-10-06	Name : The remote openSUSE host is missing a security update. File : suse_tomcat55-6369.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12460.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_tomcat5-6352.nasl - Type : ACT_GATHER_INFO
2009-07-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1164.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_tomcat6-090613.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_tomcat6-090613.nasl - Type : ACT_GATHER_INFO
2009-06-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-138.nasl - Type : ACT_GATHER_INFO
2009-06-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-136.nasl - Type : ACT_GATHER_INFO
2009-06-22	Name : The web server running on the remote host is affected by an information discl... File : tomcat_xml_parser.nasl - Type : ACT_GATHER_INFO
2009-06-16	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-788-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BID	http://www.securityfocus.com/bid/35416
BUGTRAQ	http://www.securityfocus.com/archive/1/504090/100/0/threaded http://www.securityfocus.com/archive/1/507985/100/0/threaded
CONFIRM	http://support.apple.com/kb/HT4077 http://svn.apache.org/viewvc?rev=652592&view=rev http://svn.apache.org/viewvc?rev=681156&view=rev http://svn.apache.org/viewvc?rev=739522&view=rev http://svn.apache.org/viewvc?rev=781542&view=rev http://svn.apache.org/viewvc?rev=781708&view=rev http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 https://issues.apache.org/bugzilla/show_bug.cgi?id=45933
DEBIAN	http://www.debian.org/security/2011/dsa-2207
FEDORA	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg0115... https://www.redhat.com/archives/fedora-package-announce/2009-November/msg0121... https://www.redhat.com/archives/fedora-package-announce/2009-November/msg0124...
HP	http://marc.info/?l=bugtraq&m=127420533226623&w=2 http://marc.info/?l=bugtraq&m=129070310906557&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 http://www.mandriva.com/security/advisories?name=MDVSA-2009:138 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
MISC	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efb... https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff... https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c8... https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957... https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471... https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca45... https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098...
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK	http://www.securitytracker.com/id?1022336
SECUNIA	http://secunia.com/advisories/35685 http://secunia.com/advisories/35788 http://secunia.com/advisories/37460 http://secunia.com/advisories/42368
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
SUSE	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
VUPEN	http://www.vupen.com/english/advisories/2009/1856 http://www.vupen.com/english/advisories/2009/3316 http://www.vupen.com/english/advisories/2010/3056
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/51195

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-02-13 09:29:18	Multiple Updates
2021-05-04 12:10:06	Multiple Updates
2021-04-22 01:10:29	Multiple Updates
2020-05-23 01:40:07	Multiple Updates
2020-05-23 00:23:26	Multiple Updates
2019-10-10 05:19:25	Multiple Updates
2019-09-27 21:19:48	Multiple Updates
2019-03-25 17:18:57	Multiple Updates
2019-03-21 21:19:09	Multiple Updates
2018-10-11 00:19:32	Multiple Updates
2017-09-29 09:24:06	Multiple Updates
2017-08-17 09:22:29	Multiple Updates
2016-08-23 09:24:33	Multiple Updates
2016-06-24 21:25:46	Multiple Updates
2016-04-26 18:40:40	Multiple Updates
2016-03-04 13:26:24	Multiple Updates
2014-02-17 10:49:04	Multiple Updates
2013-12-04 17:18:47	Multiple Updates
2013-06-05 13:19:27	Multiple Updates
2013-05-10 23:45:29	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	6
CPE ID(s)	167
Sources(s)	47
osvdb(s)	1
Openvas Exploit(s)	25
Nessus® Exploit(s)	34

	Related
10	VMSA-2009-0016
7.5	HPSBUX02860 SSR...
7.5	HPSBMA02535 SSR...
7.5	GLSA-201206-24
6.4	MDVSA-2010:176
6.4	HPSBUX02579 SSR...
6.4	DSA-2207
5	USN-788-1
5	SUN-263529
5	RHSA-2009:1563
5	RHSA-2009:1562
5	RHSA-2009:1164
5	MDVSA-2009:163
5	MDVSA-2009:138
5	MDVSA-2009:136
5	HPSBUX02466 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 16 more Alert(s)

4.2 - CVE-2009-0783

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU