- CVEs with nessus.description == "Multiple security vulnerabilities has been identified and fixed in tomcat5:"

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580).

  The calendar application in the examples web application contains an XSS flaw due to invalid HTML which renders the XSS filtering protection ineffective (CVE-2009-0781).

  Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783).

  The updated packages have been patched to prevent this. Additionally Apache Tomcat has been upgraded to the latest 5.5.27 version for 2009.0
| Max CVSS | Min CVSS | Total Count |
|---|---|---|
| 0 | 0 | 2 |

| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|