12 matches found
SUSE CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...
Remote Code Execution (RCE)
catalina is vulnerable to a remote code execution RCE attack. The library allows the replacement of the XML parser used for other web applications, allowing a malicious user to gain access to the applications' web.xml, context.xml or tld files...
tomcat: information disclosure via XXE when running untrusted web applications
It was found that several application-provided XML files, such as web.xml, content.xml, .tld, .tagx, and .jspx, resolved external entities, permitting XML External Entity XXE attacks. An attacker able to deploy malicious applications to Tomcat could use this flaw to circumvent security restrictio...
CVE-2011-2481
CVE-2011-2481 affects Apache Tomcat 7.0.x prior to 7.0.17. A crafted application loaded earlier than the target can replace the XML parser used by other web applications, allowing local users to read or modify (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications. This vuln...
PT-2011-3901 · Apache · Apache Tomcat
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 7.0.0 through 7.0.16 Description: The issue allows local users to read or modify the web.xml, context.xml, or tld files of arbitrary web applications via a crafted application that is loaded earlier than the target...
tomcat XML parser information disclosure
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...
tomcat XML parser information disclosure
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...
tomcat XML parser information disclosure
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...
tomcat XML parser information disclosure
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...
tomcat XML parser information disclosure
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...
CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the 1 web.xml, 2 context.xml, or 3 tld files of arbitrary web applications via a crafted...
PT-2009-3394 · Apache +2 · Apache Tomcat +2
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 4.1.0 through 4.1.39 Apache Tomcat versions 5.5.0 through 5.5.27 Apache Tomcat versions 6.0.0 through 6.0.18 Description: The issue allows local users to read or modify the web.xml, context.xml, or tld files of arbitrar...