QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0580

Published: Jun 5, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

oval:org.mitre.oval:def:9101

vdb-entry

signature

x_refsource_OVAL

http://tomcat.apache.org/security-4.html

x_refsource_CONFIRM

oval:org.mitre.oval:def:18915

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_MANDRIVA

FEDORA-2009-11356

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_HP

http://svn.apache.org/viewvc?rev=747840&view=rev

x_refsource_CONFIRM

20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication

mailing-list

x_refsource_BUGTRAQ

APPLE-SA-2010-03-29-1

vendor-advisory

x_refsource_APPLE

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_HP

20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication

mailing-list

x_refsource_BUGTRAQ

http://svn.apache.org/viewvc?rev=781382&view=rev

x_refsource_CONFIRM

oval:org.mitre.oval:def:6628

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_MANDRIVA

20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

http://tomcat.apache.org/security-6.html

x_refsource_CONFIRM

http://support.apple.com/kb/HT4077

x_refsource_CONFIRM

FEDORA-2009-11374

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

FEDORA-2009-11352

vendor-advisory

x_refsource_FEDORA

http://tomcat.apache.org/security-5.html

x_refsource_CONFIRM

SUSE-SR:2009:012

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_HP

tomcat-jsecuritycheck-info-disclosure(50930)

vdb-entry

x_refsource_XF

http://svn.apache.org/viewvc?rev=781379&view=rev

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_MANDRIVA

vendor-advisory

x_refsource_SUNALERT

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_VUPEN

[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.