Apache Tomcat Cross-Application File Manipulation

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.

Synopsis :

The web server running on the remote host has an information
disclosure vulnerability.

Description :

According to its self-reported version number, the remote host is
running a vulnerable version of Apache Tomcat. Affected versions
permit a web application to replace the XML parser used to process the
XML and TLD files of other applications. This could allow a malicious
web app to read or modify 'web.xml', 'context.xml', or TLD files of
arbitrary web applications.

See also :


Solution :

Upgrade to versions 7.0.19 / 6.0.20 / 5.5.28 / 4.1.40 or later, or
apply the patches referenced in the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.8
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 39479 ()

Bugtraq ID: 35416

CVE ID: CVE-2009-0783