CVE-2009-2901
Publication date 28 January 2010
Last updated 24 July 2024
Ubuntu priority
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Status
Package | Ubuntu Release | Status |
---|---|---|
tomcat5 | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Ignored end of life | |
tomcat5.5 | 11.10 oneiric | Not in release |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
9.04 jaunty | Ignored end of life | |
8.10 intrepid | Ignored end of life, was needs-triage | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Not in release | |
tomcat6 | 11.10 oneiric |
Not affected
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
9.10 karmic |
Fixed 6.0.20-2ubuntu2.1
|
|
9.04 jaunty |
Fixed 6.0.18-0ubuntu6.2
|
|
8.10 intrepid |
Fixed 6.0.18-0ubuntu3.3
|
|
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release |
Patch details
Package | Patch details |
---|---|
tomcat5.5 | |
tomcat6 |
References
Related Ubuntu Security Notices (USN)
- USN-899-1
- Tomcat vulnerabilities
- 11 February 2010