cvelistv5 - CVE-2008-4308

CVE-2008-4308

Vulnerability from cvelistv5

Published

2009-02-26 23:00

Modified

2024-08-07 10:08

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN66905322/index.html
secalert@redhat.com	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
secalert@redhat.com	http://secunia.com/advisories/34057	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/501250
secalert@redhat.com	http://www.securityfocus.com/bid/33913
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0541	Patch
secalert@redhat.com	https://issues.apache.org/bugzilla/show_bug.cgi?id=40771	Exploit, Vendor Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN66905322/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34057	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501250
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33913
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0541	Patch
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/bugzilla/show_bug.cgi?id=40771	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T10:08:35.314Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "JVN#66905322",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVN",
                     "x_transferred",
                  ],
                  url: "http://jvn.jp/en/jp/JVN66905322/index.html",
               },
               {
                  name: "ADV-2009-0541",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/0541",
               },
               {
                  name: "JVNDB-2009-000010",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_JVNDB",
                     "x_transferred",
                  ],
                  url: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
               },
               {
                  name: "34057",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/34057",
               },
               {
                  name: "20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/501250",
               },
               {
                  name: "33913",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/33913",
               },
               {
                  name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2009-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-02-13T16:07:36",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "JVN#66905322",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVN",
               ],
               url: "http://jvn.jp/en/jp/JVN66905322/index.html",
            },
            {
               name: "ADV-2009-0541",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/0541",
            },
            {
               name: "JVNDB-2009-000010",
               tags: [
                  "third-party-advisory",
                  "x_refsource_JVNDB",
               ],
               url: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
            },
            {
               name: "34057",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/34057",
            },
            {
               name: "20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/501250",
            },
            {
               name: "33913",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/33913",
            },
            {
               name: "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            },
            {
               name: "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2008-4308",
      datePublished: "2009-02-26T23:00:00",
      dateReserved: "2008-09-29T00:00:00",
      dateUpdated: "2024-08-07T10:08:35.314Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2008-4308\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-02-26T23:30:00.203\",\"lastModified\":\"2024-11-21T00:51:21.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.\"},{\"lang\":\"es\",\"value\":\"El método doRead en Apache Tomcat v4.1.32 hasta v4.1.34 y v5.5.10 hasta v5.5.20 no devuelve un -1 para indicar que una cierta condición de error ha ocurrido, lo que puede causar Tomcat enviar un contenido POST desde una petición a diferentes peticiones.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951FFCD7-EAC2-41E6-A53B-F90C540327E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1F2738-C7D6-4206-9227-43F464887FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98EEB6F2-A721-45CF-A856-0E01B043C317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB03FDFB-4DBF-4B70-BFA3-570D1DE67695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5CF79C-759B-4FF9-90EE-847264059E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"357651FD-392E-4775-BF20-37A23B3ABAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585B9476-6B86-4809-9B9E-26112114CB59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6145036D-4FCE-4EBE-A137-BDFA69BA54F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E437055A-0A81-413F-AB08-0E9D0DC9EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9276A093-9C98-4617-9941-2276995F5848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98575E2-E39A-4A8F-B5B5-BD280B8367BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN66905322/index.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34057\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501250\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/33913\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0541\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=40771\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jvn.jp/en/jp/JVN66905322/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/501250\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/33913\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=40771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}

CVE-2008-4308

Vulnerability from jvndb

Published

2009-02-26 15:28

Modified

2009-02-26 15:28

Severity ?

() - -

Summary

Apache Tomcat information disclosure vulnerability

Details

Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN66905322/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4308
	SECUNIA	http://secunia.com/advisories/34057/
	BID	http://www.securityfocus.com/bid/33913
	VUPEN	http://www.vupen.com/english/advisories/2009/0541
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache Tomcat
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server

Show details on JVN DB website

JSON

To clipboard

{
   "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000010.html",
   "dc:date": "2009-02-26T15:28+09:00",
   "dcterms:issued": "2009-02-26T15:28+09:00",
   "dcterms:modified": "2009-02-26T15:28+09:00",
   description: "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. \r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request.\r\n\r\nThis vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.",
   link: "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000010.html",
   "sec:cpe": [
      {
         "#text": "cpe:/a:apache:tomcat",
         "@product": "Apache Tomcat",
         "@vendor": "Apache Software Foundation",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:fujitsu:interstage_application_server",
         "@product": "Interstage Application Server",
         "@vendor": "FUJITSU",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:fujitsu:interstage_business_application_server",
         "@product": "Interstage Business Application Server",
         "@vendor": "FUJITSU",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:fujitsu:interstage_studio",
         "@product": "Interstage Studio",
         "@vendor": "FUJITSU",
         "@version": "2.2",
      },
      {
         "#text": "cpe:/a:fujitsu:interstage_web_server",
         "@product": "Interstage Web Server",
         "@vendor": "FUJITSU",
         "@version": "2.2",
      },
   ],
   "sec:cvss": {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
      "@version": "2.0",
   },
   "sec:identifier": "JVNDB-2009-000010",
   "sec:references": [
      {
         "#text": "http://jvn.jp/en/jp/JVN66905322/index.html",
         "@id": "JVN#66905322",
         "@source": "JVN",
      },
      {
         "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308",
         "@id": "CVE-2008-4308",
         "@source": "CVE",
      },
      {
         "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4308",
         "@id": "CVE-2008-4308",
         "@source": "NVD",
      },
      {
         "#text": "http://secunia.com/advisories/34057/",
         "@id": "SA34057",
         "@source": "SECUNIA",
      },
      {
         "#text": "http://www.securityfocus.com/bid/33913",
         "@id": "33913",
         "@source": "BID",
      },
      {
         "#text": "http://www.vupen.com/english/advisories/2009/0541",
         "@id": "VUPEN/ADV-2009-0541",
         "@source": "VUPEN",
      },
      {
         "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
         "@id": "JVNDB-2009-000010",
         "@source": "JVNDB_Ja",
      },
      {
         "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
         "@id": "CWE-200",
         "@title": "Information Exposure(CWE-200)",
      },
   ],
   title: "Apache Tomcat information disclosure vulnerability",
}

var-200902-0677

Vulnerability from variot

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.A remote attacker could possibly obtain user credentials such as password, session ID, user ID, etc. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. They have confirmed that Apache Tomcat 6.0.x is not affected. Remote attackers can exploit this issue to obtain sensitive data stored on the server. Information obtained may lead to further attacks. Publication of this issue was then postponed until now at the request of the reporter. For a vulnerability to exist the content read from the input stream must be disclosed, eg via writing it to the response and committing the response, before the ArrayIndexOutOfBoundsException occurs which will halt processing of the request.

Mitigation: Upgrade to: 4.1.35 or later 5.5.21 or later 6.0.0 or later

Example: See original bug report for example of how to create the error condition.

Credit: This issue was discovered by Fujitsu and reported to the Tomcat Security Team via JPCERT.

References: http://tomcat.apache.org/security.html

Mark Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJpdGRb7IeiTPGAkMRAkK+AKC1m5WunqOmwuFYSYEoASF/AokgDQCffmxM U3IdbfYNVtRIzCW5XTvhv2E= =rJGg -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/

Click here to trial our solutions: http://secunia.com/advisories/try_vi/

TITLE: Apache Tomcat POST Content Disclosure Vulnerability

SECUNIA ADVISORY ID: SA34057

VERIFY ADVISORY: http://secunia.com/advisories/34057/

DESCRIPTION: A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to potentially disclose sensitive information.

The vulnerability is reported in versions 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Fujitsu, reporting via JPCERT.

ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.mail-archive.com/users@tomcat.apache.org/msg57428.html

JVN: http://jvn.jp/jp/JVN66905322/index.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200902-0677",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.18",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.17",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.16",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.15",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.14",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.13",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.12",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.11",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "5.5.10",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.9,
            vendor: "apache",
            version: "4.1.34",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.3,
            vendor: "apache",
            version: "5.5.20",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.3,
            vendor: "apache",
            version: "5.5.19",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1.3,
            vendor: "apache",
            version: "4.1.32",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 1,
            vendor: "apache",
            version: "4.1.33",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 0.8,
            vendor: "apache",
            version: "4.1.32 to 4.1.34",
         },
         {
            model: "tomcat",
            scope: "eq",
            trust: 0.8,
            vendor: "apache",
            version: "5.5.10 to 5.5.20",
         },
         {
            model: "interstage application server",
            scope: null,
            trust: 0.8,
            vendor: "fujitsu",
            version: null,
         },
         {
            model: "interstage business application server",
            scope: null,
            trust: 0.8,
            vendor: "fujitsu",
            version: null,
         },
         {
            model: "interstage studio",
            scope: null,
            trust: 0.8,
            vendor: "fujitsu",
            version: null,
         },
         {
            model: "interstage web server",
            scope: null,
            trust: 0.8,
            vendor: "fujitsu",
            version: null,
         },
         {
            model: "interstage studio standard-j edition",
            scope: "eq",
            trust: 0.3,
            vendor: "fujitsu",
            version: "9.0",
         },
         {
            model: "interstage studio enterprise edition",
            scope: "eq",
            trust: 0.3,
            vendor: "fujitsu",
            version: "9.0",
         },
         {
            model: "interstage application server standard-j edition a",
            scope: "eq",
            trust: 0.3,
            vendor: "fujitsu",
            version: "9.0",
         },
         {
            model: "interstage application server standard-j edition",
            scope: "eq",
            trust: 0.3,
            vendor: "fujitsu",
            version: "9.0",
         },
         {
            model: "interstage application server enterprise edition a",
            scope: "eq",
            trust: 0.3,
            vendor: "fujitsu",
            version: "9.0",
         },
         {
            model: "interstage application server enterprise edition",
            scope: "eq",
            trust: 0.3,
            vendor: "fujitsu",
            version: "9.0",
         },
         {
            model: "tomcat",
            scope: "ne",
            trust: 0.3,
            vendor: "apache",
            version: "5.5.21",
         },
         {
            model: "tomcat",
            scope: "ne",
            trust: 0.3,
            vendor: "apache",
            version: "4.1.35",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "33913",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
         {
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:apache:tomcat",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:fujitsu:interstage_application_server",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:fujitsu:interstage_business_application_server",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:fujitsu:interstage_studio",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/a:fujitsu:interstage_web_server",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Fujitsu",
      sources: [
         {
            db: "BID",
            id: "33913",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
      ],
      trust: 0.9,
   },
   cve: "CVE-2008-4308",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 2.6,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 4.9,
                  id: "CVE-2008-4308",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "LOW",
                  trust: 1,
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "High",
                  accessVector: "Network",
                  authentication: "None",
                  author: "IPA",
                  availabilityImpact: "None",
                  baseScore: 2.6,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "JVNDB-2009-000010",
                  impactScore: null,
                  integrityImpact: "None",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2008-4308",
                  trust: 1,
                  value: "LOW",
               },
               {
                  author: "IPA",
                  id: "JVNDB-2009-000010",
                  trust: 0.8,
                  value: "Low",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200902-617",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
         {
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.A remote attacker could possibly obtain user credentials such as password, session ID, user ID, etc. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. They have confirmed that Apache Tomcat 6.0.x is not affected. \nRemote attackers can exploit this issue to obtain sensitive data stored on the server. Information obtained may lead to further attacks. Publication of this issue was then\npostponed until now at the request of the reporter. For\na vulnerability to exist the content read from the input stream must be\ndisclosed, eg via writing it to the response and committing the\nresponse, before the ArrayIndexOutOfBoundsException occurs which will\nhalt processing of the request. \n\nMitigation:\nUpgrade to:\n4.1.35 or later\n5.5.21 or later\n6.0.0 or later\n\nExample:\nSee original bug report for example of how to create the error condition. \n\nCredit:\nThis issue was discovered by Fujitsu and reported to the Tomcat Security\nTeam via JPCERT. \n\nReferences:\nhttp://tomcat.apache.org/security.html\n\nMark Thomas\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFJpdGRb7IeiTPGAkMRAkK+AKC1m5WunqOmwuFYSYEoASF/AokgDQCffmxM\nU3IdbfYNVtRIzCW5XTvhv2E=\n=rJGg\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nDid you know? Our assessment and impact rating along with detailed\ninformation such as exploit code availability, or if an updated patch\nis released by the vendor, is not part of this mailing-list?\n        \nClick here to learn more about our commercial solutions:\nhttp://secunia.com/advisories/business_solutions/\n        \nClick here to trial our solutions:\nhttp://secunia.com/advisories/try_vi/\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Tomcat POST Content Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA34057\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34057/\n\nDESCRIPTION:\nA vulnerability has been reported in Apache Tomcat, which can be\nexploited by malicious people to potentially disclose sensitive\ninformation.      \n\nThe vulnerability is reported in versions 4.1.32 through 4.1.34 and\n5.5.10 through 5.5.20. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Fujitsu, reporting via JPCERT. \n\nORIGINAL ADVISORY:\nApache Tomcat:\nhttp://tomcat.apache.org/security-4.html\nhttp://tomcat.apache.org/security-5.html\nhttp://www.mail-archive.com/users@tomcat.apache.org/msg57428.html\n\nJVN:\nhttp://jvn.jp/jp/JVN66905322/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2008-4308",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "BID",
            id: "33913",
         },
         {
            db: "PACKETSTORM",
            id: "75211",
         },
         {
            db: "PACKETSTORM",
            id: "75254",
         },
      ],
      trust: 2.07,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
            trust: 3.2,
         },
         {
            db: "NVD",
            id: "CVE-2008-4308",
            trust: 2.8,
         },
         {
            db: "BID",
            id: "33913",
            trust: 2.7,
         },
         {
            db: "SECUNIA",
            id: "34057",
            trust: 2.6,
         },
         {
            db: "JVN",
            id: "JVN66905322",
            trust: 2.5,
         },
         {
            db: "VUPEN",
            id: "ADV-2009-0541",
            trust: 2.4,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "75211",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "75254",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "BID",
            id: "33913",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "PACKETSTORM",
            id: "75211",
         },
         {
            db: "PACKETSTORM",
            id: "75254",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
         {
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   id: "VAR-200902-0677",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.17203079500000001,
   },
   last_update_date: "2024-11-23T22:23:47.410000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "Apache Tomcat 4.x vulnerabilities CVE-2008-4308",
            trust: 0.8,
            url: "http://tomcat.apache.org/security-4.html",
         },
         {
            title: "Apache Tomcat 5.x vulnerabilities CVE-2008-4308",
            trust: 0.8,
            url: "http://tomcat.apache.org/security-5.html",
         },
         {
            title: "Security Updates",
            trust: 0.8,
            url: "http://tomcat.apache.org/security",
         },
         {
            title: "Bug 40771",
            trust: 0.8,
            url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
         },
         {
            title: "JVN#66905322",
            trust: 0.8,
            url: "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-66905322.html",
         },
         {
            title: "interstage-200901",
            trust: 0.8,
            url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200901e.html",
         },
         {
            title: "Apache Tomcat POST Data Repair measures for information disclosure vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=90958",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-200",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3,
            url: "http://www.securityfocus.com/bid/33913",
         },
         {
            trust: 2.4,
            url: "http://jvn.jp/en/jp/jvn66905322/index.html",
         },
         {
            trust: 2.4,
            url: "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-000010.html",
         },
         {
            trust: 2.4,
            url: "http://www.vupen.com/english/advisories/2009/0541",
         },
         {
            trust: 1.9,
            url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
         },
         {
            trust: 1.6,
            url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 1.6,
            url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/34057",
         },
         {
            trust: 1.6,
            url: "http://www.securityfocus.com/archive/1/501250",
         },
         {
            trust: 1.6,
            url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 0.9,
            url: "http://secunia.com/advisories/34057/",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4308",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4308",
         },
         {
            trust: 0.6,
            url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 0.6,
            url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e",
         },
         {
            trust: 0.4,
            url: "http://tomcat.apache.org/security-4.html",
         },
         {
            trust: 0.4,
            url: "http://tomcat.apache.org/security-5.html",
         },
         {
            trust: 0.4,
            url: "http://www.mail-archive.com/users@tomcat.apache.org/msg57428.html",
         },
         {
            trust: 0.3,
            url: "http://tomcat.apache.org/",
         },
         {
            trust: 0.3,
            url: "/archive/1/501250",
         },
         {
            trust: 0.3,
            url: "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200901e.html",
         },
         {
            trust: 0.1,
            url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771)",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2008-4308",
         },
         {
            trust: 0.1,
            url: "http://tomcat.apache.org/security.html",
         },
         {
            trust: 0.1,
            url: "http://enigmail.mozdev.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/secunia_security_advisories/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/business_solutions/",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/try_vi/",
         },
         {
            trust: 0.1,
            url: "http://jvn.jp/jp/jvn66905322/index.html",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org",
         },
         {
            trust: 0.1,
            url: "http://secunia.com/advisories/about_secunia_advisories/",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "33913",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "PACKETSTORM",
            id: "75211",
         },
         {
            db: "PACKETSTORM",
            id: "75254",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
         {
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "BID",
            id: "33913",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            db: "PACKETSTORM",
            id: "75211",
         },
         {
            db: "PACKETSTORM",
            id: "75254",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
         {
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-02-25T00:00:00",
            db: "BID",
            id: "33913",
         },
         {
            date: "2009-02-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            date: "2009-02-26T19:20:39",
            db: "PACKETSTORM",
            id: "75211",
         },
         {
            date: "2009-02-27T10:55:31",
            db: "PACKETSTORM",
            id: "75254",
         },
         {
            date: "2009-02-26T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
         {
            date: "2009-02-26T23:30:00.203000",
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2009-02-26T17:07:00",
            db: "BID",
            id: "33913",
         },
         {
            date: "2009-02-26T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2009-000010",
         },
         {
            date: "2023-02-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
         {
            date: "2024-11-21T00:51:21.463000",
            db: "NVD",
            id: "CVE-2008-4308",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Apache Tomcat POST Data Information Disclosure Vulnerability",
      sources: [
         {
            db: "BID",
            id: "33913",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
      ],
      trust: 0.9,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200902-617",
         },
      ],
      trust: 0.6,
   },
}

ghsa-7g59-hm8v-cwmc

Vulnerability from github

Published

2022-05-02 00:08

Modified

2024-02-09 16:55

Summary

Apache Tomcat information disclosure vulnerability

Details

Show details on source website

JSON

To clipboard

{
   affected: [
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tomcat:tomcat",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "4.1.32",
                  },
                  {
                     fixed: "4.1.35",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
      {
         package: {
            ecosystem: "Maven",
            name: "org.apache.tomcat:tomcat",
         },
         ranges: [
            {
               events: [
                  {
                     introduced: "5.5.10",
                  },
                  {
                     fixed: "5.5.21",
                  },
               ],
               type: "ECOSYSTEM",
            },
         ],
      },
   ],
   aliases: [
      "CVE-2008-4308",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-200",
      ],
      github_reviewed: true,
      github_reviewed_at: "2024-02-09T16:55:53Z",
      nvd_published_at: "2009-02-26T23:30:00Z",
      severity: "LOW",
   },
   details: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
   id: "GHSA-7g59-hm8v-cwmc",
   modified: "2024-02-09T16:55:53Z",
   published: "2022-05-02T00:08:50Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2008-4308",
      },
      {
         type: "PACKAGE",
         url: "https://github.com/apache/tomcat",
      },
      {
         type: "WEB",
         url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E",
      },
      {
         type: "WEB",
         url: "https://web.archive.org/web/20090228052951/http://secunia.com/advisories/34057",
      },
      {
         type: "WEB",
         url: "https://web.archive.org/web/20111229174634/http://www.securityfocus.com/archive/1/501250",
      },
      {
         type: "WEB",
         url: "https://web.archive.org/web/20201207165808/http://www.securityfocus.com/bid/33913",
      },
      {
         type: "WEB",
         url: "http://jvn.jp/en/jp/JVN66905322/index.html",
      },
      {
         type: "WEB",
         url: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
   summary: "Apache Tomcat information disclosure vulnerability",
}

fkie_cve-2008-4308

Vulnerability from fkie_nvd

Published

2009-02-26 23:30

Modified

2024-11-21 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN66905322/index.html
secalert@redhat.com	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
secalert@redhat.com	http://secunia.com/advisories/34057	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/501250
secalert@redhat.com	http://www.securityfocus.com/bid/33913
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0541	Patch
secalert@redhat.com	https://issues.apache.org/bugzilla/show_bug.cgi?id=40771	Exploit, Vendor Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN66905322/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34057	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501250
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33913
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0541	Patch
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/bugzilla/show_bug.cgi?id=40771	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

Vendor	Product	Version
apache	tomcat	4.1.32
apache	tomcat	4.1.33
apache	tomcat	4.1.34
apache	tomcat	5.5.10
apache	tomcat	5.5.11
apache	tomcat	5.5.12
apache	tomcat	5.5.13
apache	tomcat	5.5.14
apache	tomcat	5.5.15
apache	tomcat	5.5.16
apache	tomcat	5.5.17
apache	tomcat	5.5.18
apache	tomcat	5.5.19
apache	tomcat	5.5.20

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
                     matchCriteriaId: "951FFCD7-EAC2-41E6-A53B-F90C540327E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF1F2738-C7D6-4206-9227-43F464887FF5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
                     matchCriteriaId: "98EEB6F2-A721-45CF-A856-0E01B043C317",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F5CF79C-759B-4FF9-90EE-847264059E93",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "357651FD-392E-4775-BF20-37A23B3ABAE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
                     matchCriteriaId: "585B9476-6B86-4809-9B9E-26112114CB59",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
                     matchCriteriaId: "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
                     matchCriteriaId: "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
                     matchCriteriaId: "9276A093-9C98-4617-9941-2276995F5848",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
                     matchCriteriaId: "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
                     matchCriteriaId: "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
                     matchCriteriaId: "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
      },
      {
         lang: "es",
         value: "El método doRead en Apache Tomcat v4.1.32 hasta v4.1.34 y v5.5.10 hasta v5.5.20 no devuelve un -1 para indicar que una cierta condición de error ha ocurrido, lo que puede causar Tomcat enviar un contenido POST desde una petición a diferentes peticiones.",
      },
   ],
   id: "CVE-2008-4308",
   lastModified: "2024-11-21T00:51:21.463",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-02-26T23:30:00.203",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://jvn.jp/en/jp/JVN66905322/index.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34057",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/501250",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/33913",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.vupen.com/english/advisories/2009/0541",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://jvn.jp/en/jp/JVN66905322/index.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/34057",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/501250",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/33913",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.vupen.com/english/advisories/2009/0541",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

gsd-2008-4308

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-4308

Aliases

CVE-2008-4308

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2008-4308",
      description: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
      id: "GSD-2008-4308",
      references: [
         "https://www.suse.com/security/cve/CVE-2008-4308.html",
      ],
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2008-4308",
         ],
         details: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
         id: "GSD-2008-4308",
         modified: "2023-12-13T01:22:59.954904Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "secalert@redhat.com",
            ID: "CVE-2008-4308",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_affected: "=",
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
                  refsource: "MISC",
                  url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
                  refsource: "MISC",
                  url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
                  refsource: "MISC",
                  url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
               },
               {
                  name: "http://jvn.jp/en/jp/JVN66905322/index.html",
                  refsource: "MISC",
                  url: "http://jvn.jp/en/jp/JVN66905322/index.html",
               },
               {
                  name: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
                  refsource: "MISC",
                  url: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
               },
               {
                  name: "http://secunia.com/advisories/34057",
                  refsource: "MISC",
                  url: "http://secunia.com/advisories/34057",
               },
               {
                  name: "http://www.securityfocus.com/archive/1/501250",
                  refsource: "MISC",
                  url: "http://www.securityfocus.com/archive/1/501250",
               },
               {
                  name: "http://www.securityfocus.com/bid/33913",
                  refsource: "MISC",
                  url: "http://www.securityfocus.com/bid/33913",
               },
               {
                  name: "http://www.vupen.com/english/advisories/2009/0541",
                  refsource: "MISC",
                  url: "http://www.vupen.com/english/advisories/2009/0541",
               },
               {
                  name: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
                  refsource: "MISC",
                  url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2008-4308",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "34057",
                     refsource: "SECUNIA",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "http://secunia.com/advisories/34057",
                  },
                  {
                     name: "ADV-2009-0541",
                     refsource: "VUPEN",
                     tags: [
                        "Patch",
                     ],
                     url: "http://www.vupen.com/english/advisories/2009/0541",
                  },
                  {
                     name: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
                     refsource: "MISC",
                     tags: [
                        "Exploit",
                        "Vendor Advisory",
                     ],
                     url: "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
                  },
                  {
                     name: "JVNDB-2009-000010",
                     refsource: "JVNDB",
                     tags: [],
                     url: "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
                  },
                  {
                     name: "33913",
                     refsource: "BID",
                     tags: [],
                     url: "http://www.securityfocus.com/bid/33913",
                  },
                  {
                     name: "JVN#66905322",
                     refsource: "JVN",
                     tags: [],
                     url: "http://jvn.jp/en/jp/JVN66905322/index.html",
                  },
                  {
                     name: "20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability",
                     refsource: "BUGTRAQ",
                     tags: [],
                     url: "http://www.securityfocus.com/archive/1/501250",
                  },
                  {
                     name: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
                     refsource: "MISC",
                     tags: [],
                     url: "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
                     refsource: "MISC",
                     tags: [],
                     url: "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
                  },
                  {
                     name: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
                     refsource: "MISC",
                     tags: [],
                     url: "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 2.6,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               exploitabilityScore: 4.9,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "LOW",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2023-02-13T02:19Z",
         publishedDate: "2009-02-26T23:30Z",
      },
   },
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-4308

Vulnerability from cvelistv5

CVE-2008-4308

Vulnerability from jvndb

var-200902-0677

Vulnerability from variot

ghsa-7g59-hm8v-cwmc

Vulnerability from github

fkie_cve-2008-4308

Vulnerability from fkie_nvd

gsd-2008-4308

Vulnerability from gsd

Tags

Sightings

Nomenclature