What is CVE-2009-0580?

CVE-2009-0580 is a vulnerability in N/a. Published 2009-06-05.

Is CVE-2009-0580 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-0580

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of pas…

EPSS: 0.882 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

oval:org.mitre.oval:def:9101 (x_refsource_OVAL, signature, vdb-entry)
tomcat.apache.org/security-4.html (x_refsource_CONFIRM)
oval:org.mitre.oval:def:18915 (x_refsource_OVAL, signature, vdb-entry)
HPSBMA02535 (x_refsource_HP, vendor-advisory)
35326 (x_refsource_SECUNIA, third-party-advisory)
MDVSA-2009:138 (vendor-advisory, x_refsource_MANDRIVA)
FEDORA-2009-11356 (x_refsource_FEDORA, vendor-advisory)
DSA-2207 (vendor-advisory, x_refsource_DEBIAN)
35196 (vdb-entry, x_refsource_BID)
35344 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2009-0580?: CVE-2009-0580 is a vulnerability in N/a. Published 2009-06-05.
Is CVE-2009-0580 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.