This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote Apache Tomcat server is affected by multiple
According to its self-reported version number, the Apache Tomcat
server listening on the remote host is prior to 4.1.40, 5.5.28, or
6.0.20. It is, therefore, affected by the following vulnerabilities :
- The remote server is affected by a directory traversal
vulnerability if a RequestDispatcher obtained from a
Request object is used. A specially crafted value for a
request parameter can be used to access potentially
sensitive configuration files or other files, e.g.,
files in the WEB-INF directory. (CVE-2008-5515)
- The remote server is affected by a denial of service
vulnerability if configured to use the Java AJP
connector. An attacker can send a malicious request with
invalid headers which causes the AJP connector to be put
into an error state for a short time. This behavior can
be used as a denial of service attack. (CVE-2009-0033)
- The remote server is affected by a username enumeration
vulnerability if configured to use FORM authentication
along with the 'MemoryRealm', 'DataSourceRealm', or
'JDBCRealm' authentication realms. (CVE-2009-0580)
- The remote server is affected by a script injection
vulnerability if the example JSP application,
'cal2.jsp', is installed. An unauthenticated, remote
attacker can exploit this issue to inject arbitrary HTML
or script code into a user's browser to be executed
within the security context of the affected site.
- The remote server is vulnerable to unauthorized
modification of 'web.xml', 'context.xml', or TLD files
of arbitrary web applications. This vulnerability allows
the XML parser, used to process the XML and TLD files,
to be replaced. (CVE-2009-0783)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
See also :
Upgrade to Apache Tomcat version 4.1.40 / 5.5.28 / 6.0.20 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 46753 ()
Bugtraq ID: 35193351963526335416
CVE ID: CVE-2008-5515CVE-2009-0033CVE-2009-0580CVE-2009-0781CVE-2009-0783
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.