github - ghsa-w227-xcfx-3pj8

ghsa-w227-xcfx-3pj8

Vulnerability from github

Published

2022-05-02 03:16

Modified

2022-06-17 00:37

Summary

Exposure of Sensitive Information in Apache Tomcat

Details

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tomcat:tomcat",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "4.1.0",
                  },
                  {
                     fixed: "4.1.40",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tomcat:tomcat",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "5.0.0",
                  },
                  {
                     fixed: "5.5.28",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tomcat:tomcat",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "6.0.0",
                  },
                  {
                     fixed: "6.0.19",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2009-0580",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-200",
      ],
      github_reviewed: true,
      github_reviewed_at: "2022-06-17T00:37:06Z",
      nvd_published_at: "2009-06-05T16:00:00Z",
      severity: "MODERATE",
   },
   details: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
   id: "GHSA-w227-xcfx-3pj8",
   modified: "2022-06-17T00:37:06Z",
   published: "2022-05-02T03:16:43Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
      },
      {
         type: "WEB",
         url: "https://marc.info/?l=bugtraq&m=127420533226623&w=2",
      },
      {
         type: "WEB",
         url: "https://marc.info/?l=bugtraq&m=129070310906557&w=2",
      },
      {
         type: "WEB",
         url: "https://marc.info/?l=bugtraq&m=133469267822771&w=2",
      },
      {
         type: "WEB",
         url: "https://marc.info/?l=bugtraq&m=136485229118404&w=2",
      },
      {
         type: "WEB",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915",
      },
      {
         type: "WEB",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628",
      },
      {
         type: "WEB",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101",
      },
      {
         type: "WEB",
         url: "https://svn.apache.org/viewvc?rev=747840&view=rev",
      },
      {
         type: "WEB",
         url: "https://svn.apache.org/viewvc?rev=781379&view=rev",
      },
      {
         type: "WEB",
         url: "https://svn.apache.org/viewvc?rev=781382&view=rev",
      },
      {
         type: "WEB",
         url: "https://tomcat.apache.org/security-4.html",
      },
      {
         type: "WEB",
         url: "https://tomcat.apache.org/security-5.html",
      },
      {
         type: "WEB",
         url: "https://tomcat.apache.org/security-6.html",
      },
      {
         type: "WEB",
         url: "https://www.debian.org/security/2011/dsa-2207",
      },
      {
         type: "WEB",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html",
      },
      {
         type: "WEB",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html",
      },
      {
         type: "WEB",
         url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html",
      },
      {
         type: "WEB",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50930",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/apache/tomcat",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html",
      },
      {
         type: "WEB",
         url: "https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
   summary: "Exposure of Sensitive Information in Apache Tomcat",
}

cve-2009-0580

Vulnerability from cvelistv5

Published

2009-06-05 15:25

Modified

2024-08-07 04:40

Severity ?

Summary

References

▼	URL	Tags
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101	vdb-entry, signature, x_refsource_OVAL
	http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915	vdb-entry, signature, x_refsource_OVAL
	http://marc.info/?l=bugtraq&m=127420533226623&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/35326	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDVSA-2009:138	vendor-advisory, x_refsource_MANDRIVA
	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html	vendor-advisory, x_refsource_FEDORA
	http://www.debian.org/security/2011/dsa-2207	vendor-advisory, x_refsource_DEBIAN
	http://www.securityfocus.com/bid/35196	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/35344	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/37460	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/3056	vdb-entry, x_refsource_VUPEN
	http://www.vmware.com/security/advisories/VMSA-2009-0016.html	x_refsource_CONFIRM
	http://secunia.com/advisories/35788	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/504125/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://marc.info/?l=bugtraq&m=127420533226623&w=2	vendor-advisory, x_refsource_HP
	http://svn.apache.org/viewvc?rev=747840&view=rev	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/504045/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://www.vupen.com/english/advisories/2009/1496	vdb-entry, x_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/504108/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://svn.apache.org/viewvc?rev=781382&view=rev	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628	vdb-entry, signature, x_refsource_OVAL
	http://www.vupen.com/english/advisories/2009/1856	vdb-entry, x_refsource_VUPEN
	http://securitytracker.com/id?1022332	vdb-entry, x_refsource_SECTRACK
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:176	vendor-advisory, x_refsource_MANDRIVA
	http://www.securityfocus.com/archive/1/507985/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/42368	third-party-advisory, x_refsource_SECUNIA
	http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
	http://support.apple.com/kb/HT4077	x_refsource_CONFIRM
	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/35685	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=133469267822771&w=2	vendor-advisory, x_refsource_HP
	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html	vendor-advisory, x_refsource_FEDORA
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://marc.info/?l=bugtraq&m=129070310906557&w=2	vendor-advisory, x_refsource_HP
	https://exchange.xforce.ibmcloud.com/vulnerabilities/50930	vdb-entry, x_refsource_XF
	http://svn.apache.org/viewvc?rev=781379&view=rev	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=136485229118404&w=2	vendor-advisory, x_refsource_HP
	http://www.mandriva.com/security/advisories?name=MDVSA-2009:136	vendor-advisory, x_refsource_MANDRIVA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1	vendor-advisory, x_refsource_SUNALERT
	http://marc.info/?l=bugtraq&m=129070310906557&w=2	vendor-advisory, x_refsource_HP
	http://www.vupen.com/english/advisories/2009/3316	vdb-entry, x_refsource_VUPEN
	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:40:04.335Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "oval:org.mitre.oval:def:9101",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-4.html",
               },
               {
                  name: "oval:org.mitre.oval:def:18915",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915",
               },
               {
                  name: "HPSBMA02535",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127420533226623&w=2",
               },
               {
                  name: "35326",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35326",
               },
               {
                  name: "MDVSA-2009:138",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138",
               },
               {
                  name: "FEDORA-2009-11356",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html",
               },
               {
                  name: "DSA-2207",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2011/dsa-2207",
               },
               {
                  name: "35196",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/35196",
               },
               {
                  name: "35344",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35344",
               },
               {
                  name: "HPSBUX02860",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
               },
               {
                  name: "37460",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/37460",
               },
               {
                  name: "ADV-2010-3056",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2010/3056",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
               },
               {
                  name: "35788",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35788",
               },
               {
                  name: "20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/504125/100/0/threaded",
               },
               {
                  name: "SSRT100029",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127420533226623&w=2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?rev=747840&view=rev",
               },
               {
                  name: "20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/504045/100/0/threaded",
               },
               {
                  name: "APPLE-SA-2010-03-29-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html",
               },
               {
                  name: "ADV-2009-1496",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/1496",
               },
               {
                  name: "HPSBOV02762",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
               },
               {
                  name: "20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/504108/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?rev=781382&view=rev",
               },
               {
                  name: "oval:org.mitre.oval:def:6628",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628",
               },
               {
                  name: "ADV-2009-1856",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/1856",
               },
               {
                  name: "1022332",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1022332",
               },
               {
                  name: "MDVSA-2010:176",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176",
               },
               {
                  name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
               },
               {
                  name: "42368",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/42368",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-6.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT4077",
               },
               {
                  name: "FEDORA-2009-11374",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html",
               },
               {
                  name: "35685",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35685",
               },
               {
                  name: "SSRT100825",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
               },
               {
                  name: "FEDORA-2009-11352",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tomcat.apache.org/security-5.html",
               },
               {
                  name: "SUSE-SR:2009:012",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html",
               },
               {
                  name: "HPSBUX02579",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=129070310906557&w=2",
               },
               {
                  name: "tomcat-jsecuritycheck-info-disclosure(50930)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50930",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://svn.apache.org/viewvc?rev=781379&view=rev",
               },
               {
                  name: "SSRT101146",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
               },
               {
                  name: "MDVSA-2009:136",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136",
               },
               {
                  name: "263529",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1",
               },
               {
                  name: "SSRT100203",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=129070310906557&w=2",
               },
               {
                  name: "ADV-2009-3316",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/3316",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-06-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:08:37",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "oval:org.mitre.oval:def:9101",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-4.html",
            },
            {
               name: "oval:org.mitre.oval:def:18915",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915",
            },
            {
               name: "HPSBMA02535",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127420533226623&w=2",
            },
            {
               name: "35326",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35326",
            },
            {
               name: "MDVSA-2009:138",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138",
            },
            {
               name: "FEDORA-2009-11356",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html",
            },
            {
               name: "DSA-2207",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2011/dsa-2207",
            },
            {
               name: "35196",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/35196",
            },
            {
               name: "35344",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35344",
            },
            {
               name: "HPSBUX02860",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
            },
            {
               name: "37460",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/37460",
            },
            {
               name: "ADV-2010-3056",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2010/3056",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
            },
            {
               name: "35788",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35788",
            },
            {
               name: "20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/504125/100/0/threaded",
            },
            {
               name: "SSRT100029",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127420533226623&w=2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?rev=747840&view=rev",
            },
            {
               name: "20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/504045/100/0/threaded",
            },
            {
               name: "APPLE-SA-2010-03-29-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html",
            },
            {
               name: "ADV-2009-1496",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/1496",
            },
            {
               name: "HPSBOV02762",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
            },
            {
               name: "20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/504108/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?rev=781382&view=rev",
            },
            {
               name: "oval:org.mitre.oval:def:6628",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628",
            },
            {
               name: "ADV-2009-1856",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/1856",
            },
            {
               name: "1022332",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1022332",
            },
            {
               name: "MDVSA-2010:176",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176",
            },
            {
               name: "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
            },
            {
               name: "42368",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/42368",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-6.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT4077",
            },
            {
               name: "FEDORA-2009-11374",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html",
            },
            {
               name: "35685",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35685",
            },
            {
               name: "SSRT100825",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=133469267822771&w=2",
            },
            {
               name: "FEDORA-2009-11352",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tomcat.apache.org/security-5.html",
            },
            {
               name: "SUSE-SR:2009:012",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html",
            },
            {
               name: "HPSBUX02579",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=129070310906557&w=2",
            },
            {
               name: "tomcat-jsecuritycheck-info-disclosure(50930)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/50930",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://svn.apache.org/viewvc?rev=781379&view=rev",
            },
            {
               name: "SSRT101146",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=136485229118404&w=2",
            },
            {
               name: "MDVSA-2009:136",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136",
            },
            {
               name: "263529",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1",
            },
            {
               name: "SSRT100203",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=129070310906557&w=2",
            },
            {
               name: "ADV-2009-3316",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/3316",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2009-0580",
      datePublished: "2009-06-05T15:25:00",
      dateReserved: "2009-02-13T00:00:00",
      dateUpdated: "2024-08-07T04:40:04.335Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted