Vulns 2009

CVE-2009-4274

This is a buffer overflow in Netpbm when loading certain images. If a user or automated system were tricked into opening a specially crafted XPM image, a remote attacker could crash Netpbm. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (cve:CVE-2009-4274)

CVE-2009-2693

Apache Tomcat allows remote attackers to trigger unexpected file deletion and/or alteration. This happens while deploying WAR files, as the WAR files are not checked for directory traversal attempts. This allows an attacker to create arbitrary content outside of the web root. (cve:CVE-2009-2693)

CVE-2009-1190

The Spring Framework was vulnerable to a remote Denial of Service vulnerability when running under a 1.5 JVM, as Spring object deserialization routines called into system classes of Java 5 that are vulnerable to timing attack vectors. (cve:CVE-2009-1190)

CVE-2009-1100

A DoS (Denial of Service) vulnerability is caused by missing restrictions on temporary file creation. This can be exploited by a malicious applet to create large files in the temporary folder via e.g. the "Font.createFont()" method. Also known as CVE-2006-2426, this took a while (36 months) to fix, possibly due to the high complexity of the patch. (cve:CVE-2009-1100, cve:CVE-2006-2426)

CVE-2009-0091

An untrusted applet could access clipboard information if a drag operation was performed over that applet's canvas. This could lead to an information leak while dragging data over the applet canvas from one window of another application to a second one. (cve:CVE-2009-0091)

CVE-2009-0038

Apache Geronimo's web administration was vulnerable to several XSS vectors in the administrative console and related utilities. These allowed a remote attacker to gain access to the administrator's cookie and escalate privileges. (cve:CVE-2009-0038)