CVE-2009-0783

CVSS 4.2 - MEDIUM

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Affected Products

3

Vendor	Product	Version
apache	tomcat	`All versions`
apache	tomcat	`All versions`
apache	tomcat	`All versions`

References

http://lists.apple.com/archives/security-announce/...

http://lists.opensuse.org/opensuse-security-announ...

http://marc.info/?l=bugtraq&m=127420533226623&w=2

http://marc.info/?l=bugtraq&m=129070310906557&w=2

http://marc.info/?l=bugtraq&m=136485229118404&w=2

http://secunia.com/advisories/35685

http://secunia.com/advisories/35788

http://secunia.com/advisories/37460

http://secunia.com/advisories/42368

http://sunsolve.sun.com/search/document.do?assetke...

http://support.apple.com/kb/HT4077

http://svn.apache.org/viewvc?rev=652592&view=rev

http://svn.apache.org/viewvc?rev=681156&view=rev

http://svn.apache.org/viewvc?rev=739522&view=rev

http://svn.apache.org/viewvc?rev=781542&view=rev

http://svn.apache.org/viewvc?rev=781708&view=rev

http://tomcat.apache.org/security-4.html

http://tomcat.apache.org/security-5.html

http://tomcat.apache.org/security-6.html

http://www.debian.org/security/2011/dsa-2207

Weakness Types

CWE-200

CVE Information

CVE ID:: CVE-2009-0783
Published:: 2009-06-05
Modified:: 2026-04-23
CVSS Score:: 4.2
Severity:: MEDIUM
Vector:: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected Vendors

apache

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL