VPR Score: 3.7
Synopsis
The remote SuSE 10 host is missing a security-related patch.
Description
This update of Apache Tomcat 5 fixes the following security issues:
- A directory traversal vulnerability allows remote attackers to create or overwrite arbitrary files and directories with a specially crafted WAR file (CVE-2009-2693 / CVE-2009-2902).
- When autoDeploy is enabled, the automatic deployment process deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
Note that this is a re-release of the security update to correct a regression. The previous patch caused Tomcat to delete files that it spuriously associated with a failed undeploy.
Solution
Apply ZYPP patch number 7003.
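
A pre-deployment check for the WAR directory traversal covered in the Description, as an added example that is not part of this advisory or of Tomcat's code: it lists archive entries whose names would resolve outside the directory the WAR expands into. The function names, the VIRTUAL_ROOT path and the sample entry names are constructed for illustration.

```python
import io
import posixpath
import re
import zipfile

# Assumption: stand-in for the directory a WAR would be expanded into.
VIRTUAL_ROOT = "/appBase/webapp"


def escaping_entries(war):
    """Return the names of entries that would land outside the expansion directory.

    `war` is a filesystem path or a file-like object holding a WAR (ZIP) archive.
    Nothing is extracted; only the stored entry names are inspected.
    """
    flagged = []
    with zipfile.ZipFile(war) as archive:
        for name in archive.namelist():
            unified = name.replace("\\", "/")
            # A drive-letter prefix is an absolute path on Windows hosts.
            if re.match(r"^[A-Za-z]:", unified):
                flagged.append(name)
                continue
            # join() drops the root when the entry is absolute, and normpath()
            # collapses ".." segments, so `resolved` is where the entry would land.
            resolved = posixpath.normpath(posixpath.join(VIRTUAL_ROOT, unified))
            inside = resolved == VIRTUAL_ROOT or resolved.startswith(VIRTUAL_ROOT + "/")
            if not inside:
                flagged.append(name)
    return flagged


def build_sample_war(names):
    """Build an in-memory archive with the given entry names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for entry_name in names:
            archive.writestr(entry_name, b"constructed sample content")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    sample = build_sample_war(
        ["WEB-INF/web.xml", "index.jsp", "../../conf/constructed.xml"]
    )
    for bad in escaping_entries(sample):
        print("entry escapes expansion directory:", bad)
```

Running it over archives in appBase before deployment flags suspicious WAR files on hosts where the patch has not yet been applied; it does not replace the patch.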