Description
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Remediation
References
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://marc.info/?l=bugtraq&m=127420533226623&w=2
http://marc.info/?l=bugtraq&m=127420533226623&w=2
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://secunia.com/advisories/35685
http://secunia.com/advisories/35788
http://secunia.com/advisories/37460
http://secunia.com/advisories/42368
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
http://support.apple.com/kb/HT4077
http://svn.apache.org/viewvc?rev=652592&view=rev
http://svn.apache.org/viewvc?rev=681156&view=rev
http://svn.apache.org/viewvc?rev=739522&view=rev
http://svn.apache.org/viewvc?rev=781542&view=rev
http://svn.apache.org/viewvc?rev=781708&view=rev
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.debian.org/security/2011/dsa-2207
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://www.securityfocus.com/archive/1/504090/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/35416
http://www.securitytracker.com/id?1022336
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/1856
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2010/3056
https://exchange.xforce.ibmcloud.com/vulnerabilities/51195
https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
https://issues.apache.org/bugzilla/show_bug.cgi?id=45933
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Related Vulnerabilities
CVE-2019-1003055 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher
CVE-2019-18798 Vulnerability in npm package node-sass
CVE-2022-28135 Vulnerability in maven package org.jvnet.hudson.plugins:instant-messaging
CVE-2019-10757 Vulnerability in npm package knex
CVE-2018-19362 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind