VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
VRDA-100126-001
Apache Tomcat Directory Traversal and Security Bypass Vulnerabilities
http://tomcat.apache.org/security-6.html

These issues were fixed in Apache Tomcat 6.0.21 but the release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did not pass. Therefore, although users must download 6.0.24 to obtain a version that includes fixes for these issues, versions 6.0.21 onwards are not included in the list of affected versions.




About This Analysis Information
Analysis Information Provider:
 		JPCERT/CC
 		First Published:
 		2010-01-26
Source Information Category:
 		Advisory, Alert
 		Last Updated:
 		2010-01-26




Affected Product Tags
cpe:/a:apache:tomcat     (Apache Software Foundation Tomcat)
 


Vulnerability Analysis Results
[Information Source Reliability] [?]
Low [?]

Medium [?]
X High [?]
[Impact Level] [?]
Low [?]

Low-Medium [?]
X Medium-High [?]
High [?]
[Access Required] [?]
Physical [?]

X Local [?]
Non-routed [?]
Routed [?]
[Authentication] [?]
Privileged [?]

X Standard [?]
Limited [?]
None or Unnecessary [?]
[User Interaction Required] [?]
X Complex [?]

Simple [?]
None [?]
[Technical Difficulty] [?]
High [?]

Medium-High [?]
Low-Medium [?]
Low [?]
[Availability of Remediation] [?]
X Official Patch [?]

Official Workaround [?]
Unofficial Patch [?]
None [?]
[Incident Activity] [?]
X None [?]

Exploit or PoC [?]
Activity Observed [?]
Alternatives




References
Common Vulnerabilities and Exposures (CVE) CVE-2009-2693




Common Vulnerabilities and Exposures (CVE) CVE-2009-2901




Common Vulnerabilities and Exposures (CVE) CVE-2009-2902




Copyright © 2010 JPCERT/CC All Rights Reserved.