Lucene search

[email protected]CVE-2009-2901

HistoryJan 28, 2010 - 8:30 p.m.

CVE-2009-2901

2010-01-2820:30:00

CWE-264

[email protected]

web.nvd.nist.gov

apache

tomcat

autodeployment

vulnerability

cve-2009-2901

security

nvd

4.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.1%

JSON

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

CPENameOperatorVersion
apache:tomcatapache tomcateq5.5.27
apache:tomcatapache tomcateq5.5.18
apache:tomcatapache tomcateq6.0.6
apache:tomcatapache tomcateq6.0.11
apache:tomcatapache tomcateq5.5.12
apache:tomcatapache tomcateq5.5.14
apache:tomcatapache tomcateq5.5.10
apache:tomcatapache tomcateq5.5.4
apache:tomcatapache tomcateq5.5.7
apache:tomcatapache tomcateq5.5.1

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	5.5.27
apache:tomcat	apache tomcat	eq	5.5.18
apache:tomcat	apache tomcat	eq	6.0.6
apache:tomcat	apache tomcat	eq	6.0.11
apache:tomcat	apache tomcat	eq	5.5.12
apache:tomcat	apache tomcat	eq	5.5.14
apache:tomcat	apache tomcat	eq	5.5.10
apache:tomcat	apache tomcat	eq	5.5.4
apache:tomcat	apache tomcat	eq	5.5.7
apache:tomcat	apache tomcat	eq	5.5.1

Rows per page:

1-10 of 511

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

marc.info/?l=bugtraq&m=127420533226623&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/38316

secunia.com/advisories/38346

secunia.com/advisories/38541

secunia.com/advisories/39317

secunia.com/advisories/43310

secunia.com/advisories/57126

securitytracker.com/id?1023503

support.apple.com/kb/HT4077

svn.apache.org/viewvc?rev=892815&view=rev

svn.apache.org/viewvc?rev=902650&view=rev

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

ubuntu.com/usn/usn-899-1

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.mandriva.com/security/advisories?name=MDVSA-2010:177

www.securityfocus.com/archive/1/509151/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/37942

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/0213

exchange.xforce.ibmcloud.com/vulnerabilities/55856

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

4.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2009-2901

osv1 veracode1 prion1 ubuntucve1 github1 securityvulns5 nessus20 ubuntu1 openvas13 tomcat2 gentoo1 threatpost1