Apache Tomcat: Low: Insecure partial deploy after failed undeploy (CVE-2009-2901)
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | January 27, 2010 | May 16, 2012 | February 12, 2015 |
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
- OS X update for Tomcat (CVE-2009-2901)
- Sun Patch: SunOS 5.10_x86: Oracle Java Web Console 3.1 Patch
- Sun Patch: SunOS 5.10: Apache 1.3 Patch
- Sun Patch: SunOS 5.10_x86: Apache 1.3 Patch
- SUSE Linux Security Advisory: SUSE-SR:2010:008
- SUSE Linux Security Vulnerability: CVE-2009-2901
- Sun Patch: SunOS 5.9: tomcat security patch
- Sun Patch: SunOS 5.9_x86: tomcat security patch
- VMSA-2011-0003: vCenter Server and ESX, Oracle (Sun) JRE is (CVE-2009-2901)
- USN-899-1: Tomcat vulnerabilities
- Sun Patch: SunOS 5.10: Oracle Java Web Console 3.1 Patch