Home > Vulnerability Database > CVE-2009-0783

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2009-0783

Good to know:

Date: June 5, 2009

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Language: Java

Severity Score

4.2

Related Resources (57)

Url: http://secunia.com/advisories/35788

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:176

Url: http://svn.apache.org/viewvc?rev=652592&view=rev

Url: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0783

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html

Url: http://www.securitytracker.com/id?1022336

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E

Url: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Url: https://issues.apache.org/bugzilla/show_bug.cgi?id=45933

Url: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html

Url: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/51195

Url: http://www.debian.org/security/2011/dsa-2207

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:138

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1

Url: http://svn.apache.org/viewvc?rev=781708&view=rev

Url: http://www.vupen.com/english/advisories/2009/3316

Url: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=129070310906557&w=2

Url: http://tomcat.apache.org/security-5.html

Url: http://svn.apache.org/viewvc?rev=739522&view=rev

Url: http://secunia.com/advisories/35685

Url: http://www.securityfocus.com/archive/1/504090/100/0/threaded

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716

Url: http://svn.apache.org/viewvc?rev=781542&view=rev

Url: http://www.securityfocus.com/bid/35416

Url: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E

Url: http://tomcat.apache.org/security-4.html

Url: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=127420533226623&w=2

Url: https://access.redhat.com/security/cve/CVE-2009-0783

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913

Url: http://www.vupen.com/english/advisories/2010/3056

Url: http://support.apple.com/kb/HT4077

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450

Url: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Url: https://issues.apache.org/bugzilla/show_bug.cgi?id=29936

Url: http://marc.info/?l=bugtraq&m=136485229118404&w=2

Url: http://svn.apache.org/viewvc?rev=681156&view=rev

Url: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Url: http://secunia.com/advisories/37460

Url: http://tomcat.apache.org/security-6.html

Url: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Url: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E

Url: http://www.vupen.com/english/advisories/2009/1856

Url: http://secunia.com/advisories/42368

Url: https://www.mend.io/vulnerability-database/CVE-2009-0783

Severity Score

4.2

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version org.apache.tomcat:catalina - 6.0.20;tomcat:catalina - 5.5.7,4.1.31,5.5.9

CVSS v3.1

Base Score:	4.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us