Summary
Apache Tomcat is prone to a directory-traversal vulnerability and to an authentication-bypass vulnerability.
Exploiting these issues allows attackers to delete arbitrary files within the context of the current working directory or gain unauthorized access to files and directories.
The following versions are affected:
Tomcat 5.5.0 through 5.5.28
Tomcat 6.0.0 through 6.0.20
Solution
The vendor has released updates. Please see the references for details.
References
Severity
Classification
CVE: CVE-2009-2693, CVE-2009-2901, CVE-2009-2902
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P