4.3
CVSSv2

CVE-2009-2901

Published: 28/01/2010 Updated: 25/03/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The autodeployment process in Apache Tomcat 5.5.0 up to and including 5.5.28 and 6.0.0 up to and including 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote malicious users to bypass intended authentication requirements via HTTP requests.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 5.5.25

apache tomcat 5.5.10

apache tomcat 5.5.6

apache tomcat 5.5.5

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.21

apache tomcat 5.5.19

apache tomcat 6.0.8

apache tomcat 6.0.9

apache tomcat 6.0.2

apache tomcat 6.0.13

apache tomcat 5.5.27

apache tomcat 5.5.18

apache tomcat 5.5.4

apache tomcat 5.5.1

apache tomcat 5.5.28

apache tomcat 5.5.26

apache tomcat 5.5.15

apache tomcat 6.0.15

apache tomcat 5.5.22

apache tomcat 6.0.10

apache tomcat 5.5.3

apache tomcat 6.0.17

apache tomcat 6.0

apache tomcat 5.5.9

apache tomcat 6.0.0

apache tomcat 6.0.14

apache tomcat 5.5.2

apache tomcat 6.0.1

apache tomcat 5.5.24

apache tomcat 6.0.18

apache tomcat 5.5.16

apache tomcat 6.0.5

apache tomcat 5.5.17

apache tomcat 6.0.16

apache tomcat 6.0.6

apache tomcat 6.0.11

apache tomcat 5.5.14

apache tomcat 5.5.7

apache tomcat 6.0.7

apache tomcat 6.0.4

apache tomcat 5.5.20

apache tomcat 6.0.20

apache tomcat 6.0.3

apache tomcat 5.5.0

apache tomcat 5.5.13

apache tomcat 6.0.12

apache tomcat 5.5.8

apache tomcat 5.5.23

apache tomcat 6.0.19

Vendor Advisories

It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying A remote attacker could send a specially crafted WAR file to be deployed and cause arbitrary files and directories to be created, overwritten, or deleted ...
VMSA-2011-00032 VMware Security Advisory   VMware Security Advisory Advisory ID: VMSA-2011-00032 VMware Security Advisory Synopsis: Third p ...

References

CWE-264http://svn.apache.org/viewvc?rev=892815&view=revhttp://tomcat.apache.org/security-5.htmlhttp://www.vupen.com/english/advisories/2010/0213http://tomcat.apache.org/security-6.htmlhttp://securitytracker.com/id?1023503http://secunia.com/advisories/38316http://secunia.com/advisories/38346http://www.securityfocus.com/bid/37942http://svn.apache.org/viewvc?rev=902650&view=revhttp://secunia.com/advisories/38541http://ubuntu.com/usn/usn-899-1http://support.apple.com/kb/HT4077http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.htmlhttp://secunia.com/advisories/39317http://www.mandriva.com/security/advisories?name=MDVSA-2010:177http://www.mandriva.com/security/advisories?name=MDVSA-2010:176http://secunia.com/advisories/43310http://www.vmware.com/security/advisories/VMSA-2011-0003.htmlhttp://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.htmlhttp://lists.opensuse.org/opensuse-updates/2012-12/msg00089.htmlhttp://lists.opensuse.org/opensuse-updates/2012-12/msg00090.htmlhttp://lists.opensuse.org/opensuse-updates/2013-01/msg00037.htmlhttp://marc.info/?l=bugtraq&m=139344343412337&w=2http://secunia.com/advisories/57126http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=127420533226623&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/55856http://www.securityfocus.com/archive/1/516397/100/0/threadedhttp://www.securityfocus.com/archive/1/509151/100/0/threadedhttps://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3Ehttp://tools.cisco.com/security/center/viewAlert.x?alertId=19793https://nvd.nist.govhttps://usn.ubuntu.com/899-1/