CVE-2009-0783
Publication date 5 June 2009
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Status
Package | Ubuntu Release | Status |
---|---|---|
tomcat5 | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Ignored end of life | |
tomcat5.5 | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty | Ignored end of life | |
8.10 intrepid | Ignored end of life, was needed | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Not in release | |
tomcat6 | 11.10 oneiric |
Not affected
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
9.10 karmic |
Not affected
|
|
9.04 jaunty |
Fixed 6.0.18-0ubuntu6.1
|
|
8.10 intrepid |
Fixed 6.0.18-0ubuntu3.2
|
|
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release |
Notes
Patch details
Package | Patch details |
---|---|
tomcat5.5 | |
tomcat6 |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 4.2 · Medium |
Attack vector | Local |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | Low |
Vector | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |