4.6

CVE-2009-0783

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version >= 4.1.0 <= 4.1.39
ApacheTomcat Version >= 5.5.0 <= 5.5.27
ApacheTomcat Version >= 6.0.0 <= 6.0.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.81% 0.521
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.2 0.8 3.4
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-4.html
Patch
Vendor Advisory
http://tomcat.apache.org/security-5.html
Patch
Vendor Advisory
http://tomcat.apache.org/security-6.html
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Mailing List
http://support.apple.com/kb/HT4077
Third Party Advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316
Vendor Advisory
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
http://secunia.com/advisories/37460
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Third Party Advisory
http://secunia.com/advisories/35685
Vendor Advisory
http://marc.info/?l=bugtraq&m=127420533226623&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=129070310906557&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=136485229118404&w=2
Third Party Advisory
http://secunia.com/advisories/35788
Vendor Advisory
http://secunia.com/advisories/42368
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Third Party Advisory
http://www.debian.org/security/2011/dsa-2207
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1856
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3056
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Third Party Advisory
http://svn.apache.org/viewvc?rev=652592&view=rev
Patch
http://svn.apache.org/viewvc?rev=681156&view=rev
Patch
http://svn.apache.org/viewvc?rev=739522&view=rev
Patch
http://svn.apache.org/viewvc?rev=781542&view=rev
Patch
http://svn.apache.org/viewvc?rev=781708&view=rev
Patch
http://www.securityfocus.com/archive/1/504090/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/35416
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022336
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/51195
VDB Entry
https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
Patch
Issue Tracking
https://issues.apache.org/bugzilla/show_bug.cgi?id=45933
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913
Tool Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450
Tool Signature