CVE-2009-0783 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0783 Interim 1 13 2025-11-05T06:09:03Z current 2021-05-30T12:46:08Z 2025-11-05T06:09:03Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0783 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UZFW5KU5NKW7N2N2NBJXVL2IW7DVJYIB/#UZFW5KU5NKW7N2N2NBJXVL2IW7DVJYIB E-Mail link for SUSE-SR:2009:012 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 tomcat6-6.0.18-20.35.36.1 tomcat6-6.0.18-20.35.40.1 tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps-6.0.18-20.35.36.1 tomcat6-admin-webapps-6.0.18-20.35.40.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp-6.0.18-20.35.36.1 tomcat6-docs-webapp-6.0.18-20.35.40.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc-6.0.18-20.35.36.1 tomcat6-javadoc-6.0.18-20.35.40.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib-6.0.18-20.35.36.1 tomcat6-lib-6.0.18-20.35.40.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps-6.0.18-20.35.36.1 tomcat6-webapps-6.0.18-20.35.40.1 tomcat6-webapps-6.0.41-0.43.1 tomcat6-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-admin-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-docs-webapp-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-javadoc-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-lib-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-webapps-6.0.18-20.35.36.1 as a component of SUSE Linux Enterprise Server 11 SP2 tomcat6-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-admin-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-docs-webapp-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-javadoc-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-lib-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-webapps-6.0.18-20.35.40.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP4 Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. CVE-2009-0783 SUSE Linux Enterprise Server 11 SP2:tomcat6-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-admin-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-docs-webapp-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-javadoc-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-lib-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP2:tomcat6-webapps-6.0.18-20.35.36.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.18-20.35.40.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP4:tomcat6-webapps-6.0.41-0.43.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P 4.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L