CVE-2009-0783 - Vulnerability Details

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Tomcat
Redhat	Enterprise Linux Jboss Enterprise Application Platform Jboss Enterprise Web Server Network Satellite Rhel Application Server Rhel Developer Suite

Configuration 1 [-]

OR	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::
	cpe:2.3:a:apache:tomcat::::::::

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.19.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
xerces-j2-0:2.7.1-9jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2009:1144	2009-07-06T00:00:00Z
JBEAP 4.2.0 for RHEL 5
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.13.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2009:1143	2009-07-06T00:00:00Z
JBEWS 1.0 for RHEL 4
tomcat5-0:5.5.23-1.patch07.19.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2009:1454	2009-09-21T00:00:00Z
tomcat6-0:6.0.18-11.3.ep5.el4	cpe:/a:redhat:jboss_enterprise_web_server:1::el4	RHSA-2009:1506	2009-10-14T00:00:00Z
Red Hat Developer Suite V.3
tomcat5-0:5.5.23-0jpp_18rh	cpe:/a:redhat:rhel_developer_suite:3	RHSA-2009:1563	2009-11-09T00:00:00Z
Red Hat Enterprise Linux 5
tomcat5-0:5.5.23-0jpp.7.el5_3.2	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1164	2009-07-21T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
glassfish-jaxb-0:2.1.4-1.11.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
xerces-j2-0:2.7.1-9jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2009:1146	2009-07-06T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jakarta-slide-webdavclient-0:2.1-9.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-cache-0:1.4.1-6.SP13.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-remoting-0:2.2.3-2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
jgroups-1:2.4.6-1.ep1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2009:1145	2009-07-06T00:00:00Z
Red Hat JBoss Enterprise Web Server 1 for RHEL 5
tomcat5-0:5.5.23-0jpp.9.6.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2009:1454	2009-09-21T00:00:00Z
tomcat6-0:6.0.18-12.0.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_server:1::el5	RHSA-2009:1506	2009-10-14T00:00:00Z
Red Hat Network Satellite Server v 5.1
tomcat5-0:5.0.30-0jpp_16rh	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2009:1617	2009-11-30T00:00:00Z
Red Hat Network Satellite Server v 5.2
tomcat5-0:5.5.23-0jpp_18rh	cpe:/a:redhat:network_satellite:5.2::el4	RHSA-2009:1616	2009-11-30T00:00:00Z
Red Hat Network Satellite Server v 5.3
tomcat5-0:5.5.23-0jpp_18rh	cpe:/a:redhat:network_satellite:5.3::el4	RHSA-2009:1616	2009-11-30T00:00:00Z
RHAPS Version 2 for RHEL 4
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:rhel_application_server:2	RHSA-2009:1562	2009-11-09T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://marc.info/?l=bugtraq&m=127420533226623&w=2
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://secunia.com/advisories/35685
http://secunia.com/advisories/35788
http://secunia.com/advisories/37460
http://secunia.com/advisories/42368
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
http://support.apple.com/kb/HT4077
http://svn.apache.org/viewvc?rev=652592&view=rev
http://svn.apache.org/viewvc?rev=681156&view=rev
http://svn.apache.org/viewvc?rev=739522&view=rev
http://svn.apache.org/viewvc?rev=781542&view=rev
http://svn.apache.org/viewvc?rev=781708&view=rev
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2011/dsa-2207
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.securityfocus.com/archive/1/504090/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35416
http://www.securitytracker.com/id?1022336
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1856
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2010/3056
https://exchange.xforce.ibmcloud.com/vulnerabilities/51195
https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
https://issues.apache.org/bugzilla/show_bug.cgi?id=45933
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2009-0783
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450
https://www.cve.org/CVERecord?id=CVE-2009-0783
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-06-05T15:25:00

Updated: 2024-08-07T04:48:52.307Z

Reserved: 2009-03-04T00:00:00

Link: CVE-2009-0783

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-06-05T16:00:00.267

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0783

Redhat

Severity : Low

Publid Date: 2009-06-04T00:00:00Z

Links: CVE-2009-0783 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-04T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T16:08:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "HPSBMA02535", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"name": "MDVSA-2009:138", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"name": "FEDORA-2009-11356", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"name": "DSA-2207", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"name": "HPSBUX02860", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37460"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"name": "oval:org.mitre.oval:def:18913", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"name": "ADV-2010-3056", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "35788", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35788"}, {"name": "SSRT100029", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"name": "ADV-2009-1856", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"name": "MDVSA-2010:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"name": "42368", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42368"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-6.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"name": "FEDORA-2009-11374", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"name": "oval:org.mitre.oval:def:6450", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35685"}, {"name": "1022336", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022336"}, {"name": "tomcat-xml-information-disclosure(51195)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"name": "FEDORA-2009-11352", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "HPSBUX02579", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "SSRT101146", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "MDVSA-2009:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"name": "263529", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"name": "SSRT100203", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "35416", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35416"}, {"name": "oval:org.mitre.oval:def:10716", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:48:52.307Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "HPSBMA02535", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"name": "MDVSA-2009:138", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"name": "FEDORA-2009-11356", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"name": "DSA-2207", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"name": "HPSBUX02860", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37460"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"name": "oval:org.mitre.oval:def:18913", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"name": "ADV-2010-3056", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "35788", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35788"}, {"name": "SSRT100029", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"name": "ADV-2009-1856", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"name": "MDVSA-2010:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"name": "42368", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42368"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-6.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"name": "FEDORA-2009-11374", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"name": "oval:org.mitre.oval:def:6450", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35685"}, {"name": "1022336", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022336"}, {"name": "tomcat-xml-information-disclosure(51195)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"name": "FEDORA-2009-11352", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "HPSBUX02579", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "SSRT101146", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "MDVSA-2009:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"name": "263529", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"name": "SSRT100203", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "35416", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35416"}, {"name": "oval:org.mitre.oval:def:10716", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0783", "datePublished": "2009-06-05T15:25:00", "dateReserved": "2009-03-04T00:00:00", "dateUpdated": "2024-08-07T04:48:52.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "FABEAD3F-1066-4802-BDFD-5F42406D2963", "versionEndIncluding": "4.1.39", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "88DD2300-F68E-4BD9-A511-7E9F1A6DD43B", "versionEndIncluding": "5.5.27", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "7888A749-8246-491C-AF4E-10762170ECE4", "versionEndIncluding": "6.0.18", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."}, {"lang": "es", "value": "Apache Tomcat v4.1.0 hasta la v4.1.39, v5.5.0 hasta la v5.5.27 y v6.0.0 hasta la v6.0.18 permite a las aplicaciones web reemplazar un \"parser\" (extractor de informaci\u00f3n) XML utilizado por otras aplicaciones web, lo que permite a los usuarios locales leer o modificar los ficheros (1) web.xml, (2) context.xml o (3) ficheros tld de aplicaciones web de su elecci\u00f3n a trav\u00e9s de una aplicacion manipulada que es cargada antes de la aplicaci\u00f3n web objetivo del ataque."}], "id": "CVE-2009-0783", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2009-06-05T16:00:00.267", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35685"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35788"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37460"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42368"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4077"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-4.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/35416"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022336"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"source": "secalert@redhat.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-4.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/35416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.3-2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.19.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.6-1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.3-2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.13.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jgroups-1:2.4.6-1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1454", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", "package": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4", "product_name": "JBEWS 1.0 for RHEL 4", "release_date": "2009-09-21T00:00:00Z"}, {"advisory": "RHSA-2009:1506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", "package": "tomcat6-0:6.0.18-11.3.ep5.el4", "product_name": "JBEWS 1.0 for RHEL 4", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1563", "cpe": "cpe:/a:redhat:rhel_developer_suite:3", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Developer Suite V.3", "release_date": "2009-11-09T00:00:00Z"}, {"advisory": "RHSA-2009:1164", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "tomcat5-0:5.5.23-0jpp.7.el5_3.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-07-21T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jgroups-1:2.4.6-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jgroups-1:2.4.6-1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1454", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2009-09-21T00:00:00Z"}, {"advisory": "RHSA-2009:1506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "tomcat6-0:6.0.18-12.0.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1617", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "tomcat5-0:5.0.30-0jpp_16rh", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1616", "cpe": "cpe:/a:redhat:network_satellite:5.2::el4", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Network Satellite Server v 5.2", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1616", "cpe": "cpe:/a:redhat:network_satellite:5.3::el4", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Network Satellite Server v 5.3", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1562", "cpe": "cpe:/a:redhat:rhel_application_server:2", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "RHAPS Version 2 for RHEL 4", "release_date": "2009-11-09T00:00:00Z"}], "bugzilla": {"description": "tomcat XML parser information disclosure", "id": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"}, "csaw": false, "cvss": {"cvss_base_score": "1.5", "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "status": "verified"}, "details": ["Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."], "name": "CVE-2009-0783", "public_date": "2009-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0783\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0783"], "threat_severity": "Low"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object