Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2009-0580

CVE information

Published

13 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Medium

Impact Analysis

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter..

CVSSv2.0 Score

Severity
Medium
Base Score
4.3/10
Exploit Score
8.6/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
None
Impact Score
2.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
  Yes
- -

References