Apache Tomcat Cross-Application File Manipulation

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The web server running on the remote host has an information
disclosure vulnerability.

Description :

According to its self-reported version number, the remote host is
running a vulnerable version of Apache Tomcat. Affected versions
permit a web application to replace the XML parser used to process the
XML and TLD files of other applications. This could allow a malicious
web app to read or modify 'web.xml', 'context.xml', or TLD files of
arbitrary web applications.

See also :

https://issues.apache.org/bugzilla/show_bug.cgi?id=29936
http://www.securityfocus.com/archive/1/504090
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-4.html

Solution :

Upgrade to versions 7.0.19 / 6.0.20 / 5.5.28 / 4.1.40 or later, or
apply the patches referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 39479 ()

Bugtraq ID: 35416

CVE ID: CVE-2009-0783