Home > Vulnerability Database > CVE-2009-0783

Mend Vulnerability Database

CVE-2009-0783

Good to know:

Date: June 5, 2009

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

Language: Java

Severity Score

4.2

Related Resources (5)

Url: http://secunia.com/advisories/35788

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:176

Url: http://svn.apache.org/viewvc?rev=652592&view=rev

Url: https://nvd.nist.gov/vuln/detail/CVE-2009-0783

Url: https://www.mend.io/vulnerability-database/CVE-2009-0783

Severity Score

4.2

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

No fix version available

CVSS v3

Base Score:	4.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2009-0783

Good to know:

Date: June 5, 2009

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?