Computer Security


Apache Tomcat multiple security vulnerabilities
Published: 26.01.2010
Source:
SecurityVulns ID: 10550
Type: local
Threat Level: 4/10
Description: File deletion, weak permissions after re-installation.
Affected: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE: CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.)
 CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.)
Original document: APACHE, [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy (26.01.2010)
 APACHE, [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory (26.01.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod