4.3

CVSS Score

Basic Information

CVE ID

CVE-2009-0580

GHSA ID

GHSA-w227-xcfx-3pj8

EPSS Score

0.99471%

CWE

CWE-200

Published

5/2/2022

Updated

2/13/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2009-0580

CVE-2009-0580: Exposure of Sensitive Information in Apache Tomcat

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.

(GitHub Advisory)

4.3

CVSS Score

Basic Information

CVE ID

CVE-2009-0580

GHSA ID

GHSA-w227-xcfx-3pj8

EPSS Score

0.99471%

CWE

CWE-200

Published

5/2/2022

Updated

2/13/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tomcat:tomcat	maven	>= 4.1.0, < 4.1.40	4.1.40
org.apache.tomcat:tomcat	maven	>= 5.0.0, < 5.5.28	5.5.28
org.apache.tomcat:tomcat	maven	>= 6.0.0, < 6.0.19	6.0.19

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper error handling in three authentication realms during FORM authentication processing. All three realms (MemoryRealm, DataSourceRealm, JDBCRealm) were explicitly listed in CVE-2009-0580's description as having insufficient error checking when processing malformed j_password parameters. The authentication flow in these realms allowed attackers to infer valid usernames based on how URL decoding failures were handled compared to normal authentication failures. Tomcat's security advisories confirm fixes were applied to these specific realm implementations in subsequent versions, directly implicating their authenticate methods as the vulnerable components.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** Tom**t *.*.* t*rou** *.*.**, *.*.* t*rou** *.*.**, *n* *.*.* t*rou** *.*.**, w**n *ORM *ut**nti**tion is us**, *llows r*mot* *tt**k*rs to *num*r*t* v*li* us*rn*m*s vi* r*qu*sts to /j_s**urity_****k wit* m*l*orm** URL *n*o*in* o* p*sswor*s, r*l

Reasoning

T** vuln*r**ility st*ms *rom improp*r *rror **n*lin* in t*r** *ut**nti**tion r**lms *urin* *ORM *ut**nti**tion pro**ssin*. *ll t*r** r**lms (M*moryR**lm, **t*Sour**R**lm, J***R**lm) w*r* *xpli*itly list** in *V*-****-****'s **s*ription *s **vin* insu

4.3

Basic Information

Concerned about an active attack path?

CVE-2009-0580: Exposure of Sensitive Information in Apache Tomcat

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI