Lucene search

PRIOn knowledge basePRION:CVE-2009-2901

HistoryJan 28, 2010 - 8:30 p.m.

Authentication flaw

2010-01-2820:30:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

CPENameOperatorVersion
tomcateq5.5.27
tomcateq5.5.18
tomcateq6.0.6
tomcateq6.0.11
tomcateq5.5.12
tomcateq5.5.14
tomcateq5.5.10
tomcateq5.5.4
tomcateq5.5.7
tomcateq5.5.1

Name	Operator	Version
tomcat	eq	5.5.27
tomcat	eq	5.5.18
tomcat	eq	6.0.6
tomcat	eq	6.0.11
tomcat	eq	5.5.12
tomcat	eq	5.5.14
tomcat	eq	5.5.10
tomcat	eq	5.5.4
tomcat	eq	5.5.7
tomcat	eq	5.5.1

Rows per page:

1-10 of 511

References

lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

secunia.com/advisories/38316

secunia.com/advisories/38346

secunia.com/advisories/38541

secunia.com/advisories/39317

secunia.com/advisories/43310

secunia.com/advisories/57126

securitytracker.com/id?1023503

support.apple.com/kb/HT4077

svn.apache.org/viewvc?rev=892815&view=rev

svn.apache.org/viewvc?rev=902650&view=rev

tomcat.apache.org/security-5.html

tomcat.apache.org/security-6.html

ubuntu.com/usn/usn-899-1

www.mandriva.com/security/advisories?name=MDVSA-2010:176

www.mandriva.com/security/advisories?name=MDVSA-2010:177

www.securityfocus.com/archive/1/509151/100/0/threaded

www.securityfocus.com/archive/1/516397/100/0/threaded

www.securityfocus.com/bid/37942

www.vmware.com/security/advisories/VMSA-2011-0003.html

www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

www.vupen.com/english/advisories/2010/0213

exchange.xforce.ibmcloud.com/vulnerabilities/55856

lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=127420533226623&w=2

marc.info/?l=bugtraq&m=133469267822771&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

56.9%

JSON

Related for PRION:CVE-2009-2901