Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability

Bugtraq ID: 37942
Class: Access Validation Error
CVE: CVE-2009-2901
Remote: Yes
Local: No
Published: Jan 25 2010 12:00AM
Updated: Feb 27 2014 12:22PM
Credit: Apache Tomcat Security Team
Vulnerable: VMWare vCenter 4.0
VMWare ESX Server 4.1
VMWare ESX Server 4.0
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise 11
SuSE SUSE Linux Enterprise 10 SP3
SuSE SUSE Linux Enterprise 10 SP2
Sun Solaris 10
S.u.S.E. openSUSE 11.2
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2010.0 x86_64
Mandriva Linux Mandrake 2010.0
Mandriva Linux Mandrake 2009.1 x86_64
Mandriva Linux Mandrake 2009.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
IBM WebSphere Application Server Community Edition 2.0 1
IBM WebSphere Application Server Community Edition 2.0
HP Performance Manager 8.21
HP Performance Manager 8.20
HP Performance Manager 8.10
HP OpenVMS Secure Web Server 7.3 -2
HP OpenVMS Secure Web Server 7.3 -1
HP OpenVMS Secure Web Server 7.3
HP OpenVMS Secure Web Server 7.2 -2
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.2
HP OpenVMS Secure Web Server 2.1-1
Gentoo Linux
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.5.8
Apple Mac OS X Server 10.6
Apache Software Foundation Tomcat 6.0.20
Apache Software Foundation Tomcat 6.0.18
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 5.5.28
Apache Software Foundation Tomcat 5.5.27
Apache Software Foundation Tomcat 5.5.26
Apache Software Foundation Tomcat 5.5.25
Apache Software Foundation Tomcat 5.5.24
Apache Software Foundation Tomcat 5.5.23
Apache Software Foundation Tomcat 5.5.22
Apache Software Foundation Tomcat 5.5.21
Apache Software Foundation Tomcat 5.5.20
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Tomcat 5.5.19
Apache Software Foundation Tomcat 5.5.18
Apache Software Foundation Tomcat 5.5.17
Apache Software Foundation Tomcat 5.5.16
Apache Software Foundation Tomcat 5.5.15
Apache Software Foundation Tomcat 5.5.14
Apache Software Foundation Tomcat 5.5.13
Apache Software Foundation Tomcat 5.5.12
Apache Software Foundation Tomcat 5.5.11
Apache Software Foundation Tomcat 5.5.10
Apache Software Foundation Tomcat 5.5.9
Apache Software Foundation Tomcat 5.5.8
Apache Software Foundation Tomcat 5.5.7
Apache Software Foundation Tomcat 5.5.6
Apache Software Foundation Tomcat 5.5.5
Apache Software Foundation Tomcat 5.5.4
Apache Software Foundation Tomcat 5.5.3
Apache Software Foundation Tomcat 5.5.2
Apache Software Foundation Tomcat 5.5.1
Apache Software Foundation Tomcat 5.5
Not Vulnerable: VMWare ESX Server 4.1 ESX410-201101201
IBM WebSphere Application Server Community Edition 2.1.1.4
Apple Mac OS X Server 10.6.3
Apache Software Foundation Tomcat 6.0.24
Apache Software Foundation Tomcat 5.5.29


 

Privacy Statement
Copyright 2010, SecurityFocus