CVE-2009-2901
https://notcve.org/view.php?id=CVE-2009-2901
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. El proceso de auto despliegue en Apache Tomcat desde v5.5.0 hasta v5.5.28 y desde v6.0.0 hasta v6.0.20, cuando AutoDeploy esta activado, despliega ficheros appBase que se mantienen de un plegado fallido lo que permite a atacantes remotos evitar la autenticación a través de peticiones HTTP. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://marc.info/?l=bugtraq&m=127420533226623&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=13934 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-2902 – tomcat: unexpected file deletion in work directory
https://notcve.org/view.php?id=CVE-2009-2902
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename. Vulnerabilidad de salto de directorio en Apache Tomcat desde v5.5.0 hasta v5.5.28 y desde v6.0.0 hasta v6.0.20 permite a atacantes remotos borrar ficheros del directorio de trabajo a través de secuencias de salto de directorio en un nombre de fichero WAR, como se demuestra en ..war nombre de fichero. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://marc.info/?l=bugtraq&m=127420533226623&w=2 http://marc.info • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-3548 – Apache Tomcat Manager - Application Upload (Authenticated) Code Execution
https://notcve.org/view.php?id=CVE-2009-3548
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. El instalador de Windows para Apache Tomcat 6.0.0 a 6.0.20, 5.5.0 a 5.5.28, y posiblemente versiones anteriores, usa una contraseña en blanco por defecto para el usuario administrador, lo que permite a atacantes remotos obtener privilegios. • https://www.exploit-db.com/exploits/31433 https://www.exploit-db.com/exploits/16317 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02241113 http://marc.info/?l=bugtraq&m=127420533226623&w=2 http://marc.info/?l=bugtraq&m=133469267822771&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/? • CWE-255: Credentials Management Errors •
CVE-2008-5515 – tomcat request dispatcher information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2008-5515
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request. Apache Tomcat desde v4.1.0 hasta v4.1.39, desde v5.5.0 hasta v5.5.27, desde v6.0.0 hasta v6.0.18, y posiblemente versiones anteriores que normalizan la ruta del directorio objetivo antes de filtrar la cadena de petición cuando se utiliza el método RequestDispatcher, lo que permitiría atacantes remotos evitar las restricciones de acceso previstas y que llevaría a un salto de directorio a través de secuencias ..(punto punto) y el directorio WEB-INF en una petición. When using a RequestDispatcher obtained from the Request in Apache Tomcat, the target path was normalized before the query string was removed. • http://jvn.jp/en/jp/JVN63832775/index.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://marc.info/?l=bugtraq&m=127420533226623&w=2 http://marc.info/?l=bugtraq&m=129070310906557&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://secunia.com/advisories/35393 http://secunia.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2009-0783 – tomcat XML parser information disclosure
https://notcve.org/view.php?id=CVE-2009-0783
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. Apache Tomcat v4.1.0 hasta la v4.1.39, v5.5.0 hasta la v5.5.27 y v6.0.0 hasta la v6.0.18 permite a las aplicaciones web reemplazar un "parser" (extractor de información) XML utilizado por otras aplicaciones web, lo que permite a los usuarios locales leer o modificar los ficheros (1) web.xml, (2) context.xml o (3) ficheros tld de aplicaciones web de su elección a través de una aplicacion manipulada que es cargada antes de la aplicación web objetivo del ataque. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://marc.info/?l=bugtraq&m=127420533226623&w=2 http://marc.info/?l=bugtraq&m=129070310906557&w=2 http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://secunia.com/advisories/35685 http://secunia.com/advisories/35788 http://secunia.com/advisories/37460 http://secunia.com/advisories/42368 http://sunsolve.sun.com/sear • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •