CVE-2009-0783

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tomcat.apache.org/security-6.html", "name": "http://tomcat.apache.org/security-6.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://tomcat.apache.org/security-4.html", "name": "http://tomcat.apache.org/security-4.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933", "tags": ["Issue Tracking"], "refsource": "CONFIRM"}, {"url": "http://svn.apache.org/viewvc?rev=681156&view=rev", "name": "http://svn.apache.org/viewvc?rev=681156&view=rev", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://tomcat.apache.org/security-5.html", "name": "http://tomcat.apache.org/security-5.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://svn.apache.org/viewvc?rev=652592&view=rev", "name": "http://svn.apache.org/viewvc?rev=652592&view=rev", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://svn.apache.org/viewvc?rev=781542&view=rev", "name": "http://svn.apache.org/viewvc?rev=781542&view=rev", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://svn.apache.org/viewvc?rev=739522&view=rev", "name": "http://svn.apache.org/viewvc?rev=739522&view=rev", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://svn.apache.org/viewvc?rev=781708&view=rev", "name": "http://svn.apache.org/viewvc?rev=781708&view=rev", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936", "tags": ["Issue Tracking", "Patch"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1022336", "name": "1022336", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/35416", "name": "35416", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138", "name": "MDVSA-2009:138", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136", "name": "MDVSA-2009:136", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html", "name": "SUSE-SR:2009:012", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1", "name": "263529", "tags": ["Third Party Advisory"], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2009/1856", "name": "ADV-2009-1856", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/35685", "name": "35685", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/35788", "name": "35788", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2009/3316", "name": "ADV-2009-3316", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html", "name": "FEDORA-2009-11356", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html", "name": "FEDORA-2009-11352", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html", "name": "FEDORA-2009-11374", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/37460", "name": "37460", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "name": "APPLE-SA-2010-03-29-1", "tags": ["Mailing List"], "refsource": "APPLE"}, {"url": "http://support.apple.com/kb/HT4077", "name": "http://support.apple.com/kb/HT4077", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176", "name": "MDVSA-2010:176", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2", "name": "HPSBUX02579", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "http://secunia.com/advisories/42368", "name": "42368", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/3056", "name": "ADV-2010-3056", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.debian.org/security/2011/dsa-2207", "name": "DSA-2207", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2", "name": "HPSBUX02860", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2", "name": "HPSBMA02535", "tags": ["Third Party Advisory"], "refsource": "HP"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195", "name": "tomcat-xml-information-disclosure(51195)", "tags": ["VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450", "name": "oval:org.mitre.oval:def:6450", "tags": ["Tool Signature"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913", "name": "oval:org.mitre.oval:def:18913", "tags": ["Tool Signature"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716", "name": "oval:org.mitre.oval:def:10716", "tags": ["Tool Signature"], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded", "name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}, {"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0783", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.8}}, "publishedDate": "2009-06-05T16:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.1.39", "versionStartIncluding": "4.1.0"}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.5.27", "versionStartIncluding": "5.5.0"}, {"cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.18", "versionStartIncluding": "6.0.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T01:17Z"}