Computer Security



Apache Tomcat multiple security vulnerabilities
Published: 26.01.2010
Source: BUGTRAQ
SecurityVulns ID: 10550
Type: local
Level: 4/10
Description: File deletion, weak permissions after re-installation.
Affected: APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE: CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.)
 CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.)
Original document: APACHE, [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy (26.01.2010)
 APACHE, [SECURITY] CVE-2009-2902 Apache Tomcat unexpected file deletion in work directory (26.01.2010)
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


