CVE-2009-0783

MEDIUM

Apache Tomcat <6.0.19 - Info Disclosure

Title source: llm
STIX 2.1

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

References (47)

Core 47
Core References
Patch, Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-4.html
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2207
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3056
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504090/100/0/threaded
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127420533226623&w=2
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37460
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35788
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1856
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42368
Patch, Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35685
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022336
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
Patch, Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-5.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=129070310906557&w=2
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Third Party Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Issue Tracking, Patch x_refsource_confirm
https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35416
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316

Scores

CVSS v3 4.2
EPSS 0.0081
EPSS Percentile 52.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-200
Status published
Products (2)
apache/tomcat 4.1.0 - 4.1.39
org.apache.tomcat/tomcat 4.1.0Maven
Published Jun 05, 2009
Tracked Since Feb 18, 2026