CVE-2009-0783 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0783 Interim 1 9 2023-03-02T03:44:01Z current 2021-05-30T12:46:08Z 2023-03-02T03:44:01Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0783 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html E-Mail link for SUSE-SR:2009:012 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP1 for Teradata SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3 LTSS SUSE Linux Enterprise Server 11 SP3 for Teradata SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-3_0-api tomcat-javadoc tomcat-jsp-2_3-api tomcat-lib tomcat-servlet-3_1-api tomcat-webapps tomcat6 tomcat6-6.0.18-20.35.36.1 tomcat6-6.0.18-20.35.40.1 tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps tomcat6-admin-webapps-6.0.18-20.35.36.1 tomcat6-admin-webapps-6.0.18-20.35.40.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp tomcat6-docs-webapp-6.0.18-20.35.36.1 tomcat6-docs-webapp-6.0.18-20.35.40.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc tomcat6-javadoc-6.0.18-20.35.36.1 tomcat6-javadoc-6.0.18-20.35.40.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib tomcat6-lib-6.0.18-20.35.36.1 tomcat6-lib-6.0.18-20.35.40.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps tomcat6-webapps-6.0.18-20.35.36.1 tomcat6-webapps-6.0.18-20.35.40.1 tomcat6-webapps-6.0.41-0.43.1 tomcat6-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-admin-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-docs-webapp-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-javadoc-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-lib-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-admin-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-docs-webapp-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-javadoc-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-lib-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6 as a component of SUSE Linux Enterprise Server 11 SP1 for Teradata tomcat6 as a component of SUSE Linux Enterprise Server 11 SP3 LTSS tomcat6 as a component of SUSE Linux Enterprise Server 11 SP3 for Teradata tomcat6 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-admin-webapps as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-docs-webapp as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-javadoc as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-jsp-2_1-api as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-lib as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-servlet-2_5-api as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat6-webapps as a component of SUSE Linux Enterprise Server 11 SP4-LTSS tomcat as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP3 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP3 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. CVE-2009-0783 SUSE Linux Enterprise Server 11 SP2:tomcat6-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-admin-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-docs-webapp-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-javadoc-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-lib-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP1 for Teradata:tomcat6 SUSE Linux Enterprise Server 11 SP3 LTSS:tomcat6 SUSE Linux Enterprise Server 11 SP3 for Teradata:tomcat6 SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6 SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-admin-webapps SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-docs-webapp SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-javadoc SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-jsp-2_1-api SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-lib SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-servlet-2_5-api SUSE Linux Enterprise Server 11 SP4-LTSS:tomcat6-webapps SUSE Linux Enterprise Server 12 SP2:tomcat SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP2:tomcat-lib SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP2:tomcat-webapps SUSE Linux Enterprise Server 12 SP3:tomcat SUSE Linux Enterprise Server 12 SP3:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP3:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP3:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP3:tomcat-javadoc SUSE Linux Enterprise Server 12 SP3:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP3:tomcat-lib SUSE Linux Enterprise Server 12 SP3:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP3:tomcat-webapps moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 4.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L