CVE-2009-0783: Sensitive Information Exposure in Apache Tomcat

Severity: 4.2 MEDIUM (NVD)
EPSS: 0.1% (top 72.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Jun 5; latest update May 17

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L (Exploitability: 0.8 | Impact: 3.4)

Affected Packages (1 package)

NVD: apache/tomcat 4.1.0 - 4.1.39 (+2 more)

Patches

Vulnerability Details

GHSA: Apache Tomcat Allows Replacing of XML Parser (2022-05-17)
GHSA: Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat (2022-05-02)
OSV: Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat (2022-05-02)
CVEList: CVE-2009-0783: Apache Tomcat 4 (2009-06-05)

Vendor Advisories

Red Hat: Apache Tomcat CVE-2009-0783 regression (2011-08-12)
Ubuntu: Tomcat vulnerabilities (2009-06-15)
Red Hat: tomcat XML parser information disclosure (2009-06-04)

Community

Bugzilla: CVE-2011-2481 Apache Tomcat CVE-2009-0783 regression (2011-08-23)
Bugzilla: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2008-5515 CVE-2009-0781 Multiple tomcat5 vulnerabilities [Fedora all] (2009-11-09)
Bugzilla: CVE-2009-0783 tomcat XML parser information disclosure (2009-06-04)