WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2901)

Description

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Remediation

References

Related Vulnerabilities

Joomla! Core 3.9.x CSV Injection (3.9.0 - 3.9.6)

Liferay Portal Other Vulnerability (CVE-2023-33946)

Oracle Database Server CVE-2006-0290 Vulnerability (CVE-2006-0290)

Lighttpd Uncontrolled Resource Consumption Vulnerability (CVE-2022-30780)

WordPress Cryptographic Issues Vulnerability (CVE-2014-9037)

Severity

Medium

Classification

CVE-2009-2901 CWE-264

Tags

Missing Update Known Vulnerabilities