RedhatCVELIST:CVE-2009-0783CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
References
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
marc.info/?l=bugtraq&m=127420533226623&w=2
marc.info/?l=bugtraq&m=129070310906557&w=2
marc.info/?l=bugtraq&m=136485229118404&w=2
secunia.com/advisories/35685
secunia.com/advisories/35788
secunia.com/advisories/37460
secunia.com/advisories/42368
sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
support.apple.com/kb/HT4077
svn.apache.org/viewvc?rev=652592&view=rev
svn.apache.org/viewvc?rev=681156&view=rev
svn.apache.org/viewvc?rev=739522&view=rev
svn.apache.org/viewvc?rev=781542&view=rev
svn.apache.org/viewvc?rev=781708&view=rev
tomcat.apache.org/security-4.html
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.debian.org/security/2011/dsa-2207
www.mandriva.com/security/advisories?name=MDVSA-2009:136
www.mandriva.com/security/advisories?name=MDVSA-2009:138
www.mandriva.com/security/advisories?name=MDVSA-2010:176
www.securityfocus.com/archive/1/504090/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/35416
www.securitytracker.com/id?1022336
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/1856
www.vupen.com/english/advisories/2009/3316
www.vupen.com/english/advisories/2010/3056
exchange.xforce.ibmcloud.com/vulnerabilities/51195
issues.apache.org/bugzilla/show_bug.cgi?id=29936
issues.apache.org/bugzilla/show_bug.cgi?id=45933
lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450
www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Related
