{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T16:08:27.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "HPSBMA02535", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"name": "MDVSA-2009:138", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"name": "FEDORA-2009-11356", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"name": "DSA-2207", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"name": "HPSBUX02860", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37460"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"name": "oval:org.mitre.oval:def:18913", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"name": "ADV-2010-3056", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "35788", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35788"}, {"name": "SSRT100029", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"name": "ADV-2009-1856", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"name": "MDVSA-2010:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"name": "42368", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42368"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-6.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"name": "FEDORA-2009-11374", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"name": "oval:org.mitre.oval:def:6450", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35685"}, {"name": "1022336", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022336"}, {"name": "tomcat-xml-information-disclosure(51195)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"name": "FEDORA-2009-11352", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "HPSBUX02579", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "SSRT101146", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "MDVSA-2009:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"name": "263529", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"name": "SSRT100203", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "35416", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35416"}, {"name": "oval:org.mitre.oval:def:10716", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:48:52.307Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-4.html"}, {"name": "HPSBMA02535", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"name": "MDVSA-2009:138", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"name": "FEDORA-2009-11356", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"name": "DSA-2207", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"name": "HPSBUX02860", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "37460", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37460"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"name": "oval:org.mitre.oval:def:18913", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"name": "ADV-2010-3056", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "35788", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35788"}, {"name": "SSRT100029", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"name": "ADV-2009-1856", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"name": "MDVSA-2010:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"name": "42368", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42368"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-6.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"name": "FEDORA-2009-11374", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"name": "oval:org.mitre.oval:def:6450", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"name": "35685", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35685"}, {"name": "1022336", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022336"}, {"name": "tomcat-xml-information-disclosure(51195)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"name": "FEDORA-2009-11352", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-5.html"}, {"name": "SUSE-SR:2009:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"name": "HPSBUX02579", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "SSRT101146", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"name": "MDVSA-2009:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"name": "263529", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"name": "SSRT100203", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"name": "35416", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35416"}, {"name": "oval:org.mitre.oval:def:10716", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-0783", "datePublished": "2009-06-05T15:25:00.000Z", "dateReserved": "2009-03-04T00:00:00.000Z", "dateUpdated": "2024-08-07T04:48:52.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "FABEAD3F-1066-4802-BDFD-5F42406D2963", "versionEndIncluding": "4.1.39", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "88DD2300-F68E-4BD9-A511-7E9F1A6DD43B", "versionEndIncluding": "5.5.27", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "7888A749-8246-491C-AF4E-10762170ECE4", "versionEndIncluding": "6.0.18", "versionStartIncluding": "6.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."}, {"lang": "es", "value": "Apache Tomcat v4.1.0 hasta la v4.1.39, v5.5.0 hasta la v5.5.27 y v6.0.0 hasta la v6.0.18 permite a las aplicaciones web reemplazar un \"parser\" (extractor de informaci\u00f3n) XML utilizado por otras aplicaciones web, lo que permite a los usuarios locales leer o modificar los ficheros (1) web.xml, (2) context.xml o (3) ficheros tld de aplicaciones web de su elecci\u00f3n a trav\u00e9s de una aplicacion manipulada que es cargada antes de la aplicaci\u00f3n web objetivo del ataque."}], "id": "CVE-2009-0783", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2009-06-05T16:00:00.267", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35685"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35788"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37460"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42368"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4077"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-4.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/35416"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022336"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"source": "secalert@redhat.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"source": "secalert@redhat.com", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/42368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=652592&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=681156&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=739522&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781542&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://svn.apache.org/viewvc?rev=781708&view=rev"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-4.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-5.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2011/dsa-2207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/35416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1022336"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1856"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/3056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Tool Signature"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-4.GA_CP07.5.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.3-2.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.19.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jgroups-1:2.4.6-1.ep1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1144", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-4.GA_CP07.5.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.3-2.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.13.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jgroups-1:2.4.6-1.ep1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1143", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-5.GA_CP07.ep1.1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1454", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", "package": "tomcat5-0:5.5.23-1.patch07.19.ep5.el4", "product_name": "JBEWS 1.0 for RHEL 4", "release_date": "2009-09-21T00:00:00Z"}, {"advisory": "RHSA-2009:1506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4", "package": "tomcat6-0:6.0.18-11.3.ep5.el4", "product_name": "JBEWS 1.0 for RHEL 4", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1563", "cpe": "cpe:/a:redhat:rhel_developer_suite:3", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Developer Suite V.3", "release_date": "2009-11-09T00:00:00Z"}, {"advisory": "RHSA-2009:1164", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "tomcat5-0:5.5.23-0jpp.7.el5_3.2", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-07-21T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1.11.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.3.1-1.10.GA_CP01.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-entitymanager-0:3.3.2-2.4.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hsqldb-1:1.8.0.8-2.patch02.1jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-4.GA_CP05.6.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.3-2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.15.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-3.SP2_CP06.3.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jgroups-1:2.4.6-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1146", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "xerces-j2-0:2.7.1-9jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1.11.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP08.0jpp.ep1.2.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.3.1-1.10.1GA_CP01.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-commons-annotations-0:3.0.0-1jpp.ep1.5.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.3.2-2.4.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-validator-0:3.0.0-1jpp.ep1.8.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jakarta-slide-webdavclient-0:2.1-9.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-4.GA_CP05.6.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-cache-0:1.4.1-6.SP13.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-2.SP3_CP08.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.3-2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.11.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP05.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-6.CP11.0jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-3.SP2_CP06.3.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-2.GA_CP04.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-1.GA_CP04.2.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-spi-0:1.0.0-1.GA_CP02.1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jgroups-1:2.4.6-1.ep1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1145", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-5.GA_CP05.ep1.2.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2009-07-06T00:00:00Z"}, {"advisory": "RHSA-2009:1454", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "tomcat5-0:5.5.23-0jpp.9.6.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2009-09-21T00:00:00Z"}, {"advisory": "RHSA-2009:1506", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "tomcat6-0:6.0.18-12.0.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2009-10-14T00:00:00Z"}, {"advisory": "RHSA-2009:1617", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "tomcat5-0:5.0.30-0jpp_16rh", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1616", "cpe": "cpe:/a:redhat:network_satellite:5.2::el4", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Network Satellite Server v 5.2", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1616", "cpe": "cpe:/a:redhat:network_satellite:5.3::el4", "package": "tomcat5-0:5.5.23-0jpp_18rh", "product_name": "Red Hat Network Satellite Server v 5.3", "release_date": "2009-11-30T00:00:00Z"}, {"advisory": "RHSA-2009:1562", "cpe": "cpe:/a:redhat:rhel_application_server:2", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "RHAPS Version 2 for RHEL 4", "release_date": "2009-11-09T00:00:00Z"}], "bugzilla": {"description": "tomcat XML parser information disclosure", "id": "504153", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=504153"}, "csaw": false, "cvss": {"cvss_base_score": "1.5", "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:P/I:N/A:N", "status": "verified"}, "details": ["Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."], "name": "CVE-2009-0783", "public_date": "2009-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0783\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-0783"], "threat_severity": "Low"}

{}