Oval Definition:	oval:org.opensuse.security:def:20090580
Revision Date: 2022-05-20 Version: 1 Title: CVE-2009-0580 Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter. Family: unix Class: vulnerability Status: Reference(s): CVE-2009-0580 Mitre CVE-2009-0580 SUSE CVE-2009-0580 SUSE-SR:2009:012 SUSE-SR:2009:012 Platform(s): Open Enterprise Server openSUSE 10.3 openSUSE 11.0 openSUSE 11.1 SUSE Linux Enterprise SDK 10 SP2 SUSE Linux Enterprise SDK 11 GA SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP4 Product(s): Definition Synopsis sles10-sp2-sdk is installed AND Package Information tomcat5-admin-webapps less than 5.0.30-27.40 OR tomcat5-webapps less than 5.0.30-27.40 OR tomcat5 less than 5.0.30-27.40 Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP3 is installed AND tomcat6-6.0.18-20.35.40.1 is installed OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed OR tomcat6-lib-6.0.18-20.35.40.1 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed OR tomcat6-webapps-6.0.18-20.35.40.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP4 is installed AND tomcat6-6.0.41-0.43.1 is installed OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed OR tomcat6-javadoc-6.0.41-0.43.1 is installed OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed OR tomcat6-lib-6.0.41-0.43.1 is installed OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed OR tomcat6-webapps-6.0.41-0.43.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Server 11 SP2 is installed AND tomcat6-6.0.18-20.35.36.1 is installed OR tomcat6-admin-webapps-6.0.18-20.35.36.1 is installed OR tomcat6-docs-webapp-6.0.18-20.35.36.1 is installed OR tomcat6-javadoc-6.0.18-20.35.36.1 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.36.1 is installed OR tomcat6-lib-6.0.18-20.35.36.1 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.36.1 is installed OR tomcat6-webapps-6.0.18-20.35.36.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP3 is installed AND tomcat6-6.0.18-20.35.40.1 is installed OR tomcat6-admin-webapps-6.0.18-20.35.40.1 is installed OR tomcat6-docs-webapp-6.0.18-20.35.40.1 is installed OR tomcat6-javadoc-6.0.18-20.35.40.1 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.40.1 is installed OR tomcat6-lib-6.0.18-20.35.40.1 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.40.1 is installed OR tomcat6-webapps-6.0.18-20.35.40.1 is installed OR Package Information SUSE Linux Enterprise Server 11 SP4 is installed AND tomcat6-6.0.41-0.43.1 is installed OR tomcat6-admin-webapps-6.0.41-0.43.1 is installed OR tomcat6-docs-webapp-6.0.41-0.43.1 is installed OR tomcat6-javadoc-6.0.41-0.43.1 is installed OR tomcat6-jsp-2_1-api-6.0.41-0.43.1 is installed OR tomcat6-lib-6.0.41-0.43.1 is installed OR tomcat6-servlet-2_5-api-6.0.41-0.43.1 is installed OR tomcat6-webapps-6.0.41-0.43.1 is installed Definition Synopsis SUSE Linux Enterprise Server 11 SP3 is installed AND Package Information tomcat6-6.0.18-20.35.40 is installed OR tomcat6-admin-webapps-6.0.18-20.35.40 is installed OR tomcat6-docs-webapp-6.0.18-20.35.40 is installed OR tomcat6-javadoc-6.0.18-20.35.40 is installed OR tomcat6-jsp-2_1-api-6.0.18-20.35.40 is installed OR tomcat6-lib-6.0.18-20.35.40 is installed OR tomcat6-servlet-2_5-api-6.0.18-20.35.40 is installed OR tomcat6-webapps-6.0.18-20.35.40 is installed
BACK