|CVE Description||CVSSv2 Base Score||Component||Product and Resolution|
|CVE-2009-2902 Directory traversal vulnerability may allow remote users to delete the current contents of the host's work directory. ||4.3 ||Apache Tomcat || |
|CVE-2009-2693 Directory traversal vulnerability may allow remote users to create or modify arbitrary files outside of the web root using certain entries in a WAR file. ||5.8 ||Apache Tomcat || |
|CVE-2010-1157 Information disclosure vulnerability may allow remote users to discover the local hostname or IP address of the system running Tomcat. ||5.0 ||Apache Tomcat || |
|CVE-2010-2227 Improper handling of invalid Transfer-Encoding headers may allow remote users to cause a Denial of Service (DoS) or obtain sensitive information. ||6.4 ||Apache Tomcat || |
This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.