The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

CVE-2009-2902 CVE-2009-2693 CVE-2010-1157 CVE-2010-2227 Multiple Vulnerabilities in Apache Tomcat

Guest Author
| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2009-2902 | Directory traversal vulnerability may allow remote users to delete the current contents of the host's work directory. | 4.3 | Apache Tomcat | OpenSolaris snv_111b plus bug fixes: 6919686 6968248; Solaris 10 SPARC: 122911-24 X86: 122912-24; Solaris 9 SPARC: 114016-06 X86: 114017-06 |
| CVE-2009-2693 | Directory traversal vulnerability may allow remote users to create or modify arbitrary files outside of the web root using certain entries in a WAR file. | 5.8 | | |
| CVE-2010-1157 | Information disclosure vulnerability may allow remote users to discover the local hostname or IP address of the system running Tomcat. | 5.0 | | |
| CVE-2010-2227 | Improper handling of invalid Transfer-Encoding headers may allow remote users to cause a Denial of Service (DoS) or obtain sensitive information. | 6.4 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.
