CVE-2009-2901

Impact:
Low
Public Date:
2010-01-24
IAVA:
2011-A-0066
Bugzilla:
559742: CVE-2009-2901 tomcat: insecure partial deploy after failed undeploy

The MITRE CVE dictionary describes this issue as:

The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.

Find out more about CVE-2009-2901 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2901

This issue did not affect Tomcat versions running on Linux or Solaris systems.

This issue is fixed in the tomcat5 and tomcat6 packages released with JBoss Enterprise Web Server 1.0.1 for Windows.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.