CVE Vulnerabilities

CVE-2009-2901

Published: Jan 28, 2010 | Modified: Mar 25, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Affected Software

Name Vendor Start Version End Version
Tomcat Apache 5.5.0 5.5.0
Tomcat Apache 5.5.1 5.5.1
Tomcat Apache 5.5.2 5.5.2
Tomcat Apache 5.5.3 5.5.3
Tomcat Apache 5.5.4 5.5.4
Tomcat Apache 5.5.5 5.5.5
Tomcat Apache 5.5.6 5.5.6
Tomcat Apache 5.5.7 5.5.7
Tomcat Apache 5.5.8 5.5.8
Tomcat Apache 5.5.9 5.5.9
Tomcat Apache 5.5.10 5.5.10
Tomcat Apache 5.5.11 5.5.11
Tomcat Apache 5.5.12 5.5.12
Tomcat Apache 5.5.13 5.5.13
Tomcat Apache 5.5.14 5.5.14
Tomcat Apache 5.5.15 5.5.15
Tomcat Apache 5.5.16 5.5.16
Tomcat Apache 5.5.17 5.5.17
Tomcat Apache 5.5.18 5.5.18
Tomcat Apache 5.5.19 5.5.19
Tomcat Apache 5.5.20 5.5.20
Tomcat Apache 5.5.21 5.5.21
Tomcat Apache 5.5.22 5.5.22
Tomcat Apache 5.5.23 5.5.23
Tomcat Apache 5.5.24 5.5.24
Tomcat Apache 5.5.25 5.5.25
Tomcat Apache 5.5.26 5.5.26
Tomcat Apache 5.5.27 5.5.27
Tomcat Apache 5.5.28 5.5.28
Tomcat Apache 6.0 6.0
Tomcat Apache 6.0.0 6.0.0
Tomcat Apache 6.0.1 6.0.1
Tomcat Apache 6.0.2 6.0.2
Tomcat Apache 6.0.3 6.0.3
Tomcat Apache 6.0.4 6.0.4
Tomcat Apache 6.0.5 6.0.5
Tomcat Apache 6.0.6 6.0.6
Tomcat Apache 6.0.7 6.0.7
Tomcat Apache 6.0.8 6.0.8
Tomcat Apache 6.0.9 6.0.9
Tomcat Apache 6.0.10 6.0.10
Tomcat Apache 6.0.11 6.0.11
Tomcat Apache 6.0.12 6.0.12
Tomcat Apache 6.0.13 6.0.13
Tomcat Apache 6.0.14 6.0.14
Tomcat Apache 6.0.15 6.0.15
Tomcat Apache 6.0.16 6.0.16
Tomcat Apache 6.0.17 6.0.17
Tomcat Apache 6.0.18 6.0.18
Tomcat Apache 6.0.19 6.0.19
Tomcat Apache 6.0.20 6.0.20
Tomcat5 Ubuntu dapper *
Tomcat5.5 Ubuntu hardy *
Tomcat5.5 Ubuntu jaunty *
Tomcat6 Ubuntu intrepid *
Tomcat6 Ubuntu jaunty *
Tomcat6 Ubuntu karmic *

References