CVE ID:	CVE-2009-0783
Description:	Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
Test IDs:	1.3.6.1.4.1.25623.1.0.122466
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0783 1022336 http://www.securitytracker.com/id?1022336 20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure http://www.securityfocus.com/archive/1/504090/100/0/threaded 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components http://www.securityfocus.com/archive/1/507985/100/0/threaded 263529 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1 35416 http://www.securityfocus.com/bid/35416 35685 http://secunia.com/advisories/35685 35788 http://secunia.com/advisories/35788 37460 http://secunia.com/advisories/37460 42368 http://secunia.com/advisories/42368 ADV-2009-1856 http://www.vupen.com/english/advisories/2009/1856 ADV-2009-3316 http://www.vupen.com/english/advisories/2009/3316 ADV-2010-3056 http://www.vupen.com/english/advisories/2010/3056 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-2207 http://www.debian.org/security/2011/dsa-2207 FEDORA-2009-11352 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html FEDORA-2009-11356 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html FEDORA-2009-11374 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html HPSBMA02535 http://marc.info/?l=bugtraq&m=127420533226623&w=2 HPSBUX02579 http://marc.info/?l=bugtraq&m=129070310906557&w=2 HPSBUX02860 http://marc.info/?l=bugtraq&m=136485229118404&w=2 MDVSA-2009:136 http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 MDVSA-2009:138 http://www.mandriva.com/security/advisories?name=MDVSA-2009:138 MDVSA-2010:176 http://www.mandriva.com/security/advisories?name=MDVSA-2010:176 SSRT100029 http://marc.info/?l=bugtraq&m=127420533226623&w=2 SSRT100203 http://marc.info/?l=bugtraq&m=129070310906557&w=2 SSRT101146 http://marc.info/?l=bugtraq&m=136485229118404&w=2 SUSE-SR:2009:012 http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E http://support.apple.com/kb/HT4077 http://support.apple.com/kb/HT4077 http://svn.apache.org/viewvc?rev=652592&view=rev http://svn.apache.org/viewvc?rev=652592&view=rev http://svn.apache.org/viewvc?rev=681156&view=rev http://svn.apache.org/viewvc?rev=681156&view=rev http://svn.apache.org/viewvc?rev=739522&view=rev http://svn.apache.org/viewvc?rev=739522&view=rev http://svn.apache.org/viewvc?rev=781542&view=rev http://svn.apache.org/viewvc?rev=781542&view=rev http://svn.apache.org/viewvc?rev=781708&view=rev http://svn.apache.org/viewvc?rev=781708&view=rev http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-6.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 https://issues.apache.org/bugzilla/show_bug.cgi?id=29936 https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 https://issues.apache.org/bugzilla/show_bug.cgi?id=45933 oval:org.mitre.oval:def:10716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716 oval:org.mitre.oval:def:18913 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913 oval:org.mitre.oval:def:6450 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450 tomcat-xml-information-disclosure(51195) https://exchange.xforce.ibmcloud.com/vulnerabilities/51195