4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
57.8%
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0
through 6.0.20, when autoDeploy is enabled, deploys appBase files that
remain from a failed undeploy, which might allow remote attackers to bypass
intended authentication requirements via HTTP requests.
tomcat.apache.org/security-5.html
tomcat.apache.org/security-6.html
www.securityfocus.com/archive/1/archive/1/509151/100/0/threaded
launchpad.net/bugs/cve/CVE-2009-2901
nvd.nist.gov/vuln/detail/CVE-2009-2901
security-tracker.debian.org/tracker/CVE-2009-2901
ubuntu.com/security/notices/USN-899-1
www.cve.org/CVERecord?id=CVE-2009-2901