CVE-2009-0783

medium

Apache

CVSS v3 Base Score

4.2

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.1%

Exploitation probability in 30 days

Top 73% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Confidentiality

Low

Integrity

Low

Availability

Low

Published: June 5, 2009 (6187 days ago)

Last Modified: April 23, 2026

Vendor: Apache

Source: NVD

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.

CWE

CWE-200

Affected Products

apache tomcat

References

🔗 lists.apple.com 🔗 lists.opensuse.org 🔗 marc.info 🔗 marc.info 🔗 marc.info

CVE-2009-0783

Vulnerability Report

Description

CWE

Affected Products

References