Apache Tomcat Multiple Vulnerabilities January 2010 Network Vulnerability

Summary

Apache Tomcat is prone to a directory-traversal vulnerability and to an authentication-bypass vulnerability. Exploiting this issue allows attackers to delete arbitrary files within the context of the current working directory or gain unauthorized access to files and directories.. The following versions are affected: Tomcat 5.5.0 through 5.5.28 Tomcat 6.0.0 through 6.0.20

Solution

The vendor has released updates. Please see the references for details.

References

http://svn.apache.org/viewvc?view=revision&revision=892815
http://svn.apache.org/viewvc?view=revision&revision=902650
http://tomcat.apache.org/
http://www.securityfocus.com/bid/37942
http://www.securityfocus.com/bid/37944
http://www.securityfocus.com/bid/37945

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2693, CVE-2009-2901, CVE-2009-2902
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
IBM WebSphere Application Server Hash Collisions DOS Vulnerability
Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
Check for IIS .cnf file leakage

Take action and discover your vulnerabilities