Key Vulnerability Information CVE ID: CVE-2009-0783 Vulnerability Type: Apache Tomcat XML External Entity (XXE) Vulnerability CVSS Metrics CVSS 2.0 Base Score: 2.1 - Access Vector: Local - Access Complexity: Low - Authentication: None - Confidentiality Impact: Partial - Integrity Impact: None - Availability Impact: None CVSS 2.0 Temporal Score: 1.6 - Exploitability: Unproven - Remediation Level: Official Fix - Report Confidence: Confirmed Consequences Obtain Information Remedy Upgrade to the latest version of Tomcat (4.1.40, 5.5.28 or 6.0.20 or later), available from The Apache Software Foundation Web site. Affected Products Apache Tomcat 4.1.10 Apache Tomcat 4.1.0 Apache Tomcat 5.5.4 Apache Tomcat 4.1.24 Dependent Products Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.6.2