cvelistv5 - cve-2008-4308

CVE-2008-4308 (GCVE-0-2008-4308)

Vulnerability from cvelistv5

Published

2009-02-26 23:00

Modified

2024-08-07 10:08

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

ghsa-7g59-hm8v-cwmc

Vulnerability from github

Published

2022-05-02 00:08

Modified

2024-02-09 16:55

Summary

Apache Tomcat information disclosure vulnerability

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.32"
            },
            {
              "fixed": "4.1.35"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.10"
            },
            {
              "fixed": "5.5.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2008-4308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T16:55:53Z",
    "nvd_published_at": "2009-02-26T23:30:00Z",
    "severity": "LOW"
  },
  "details": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
  "id": "GHSA-7g59-hm8v-cwmc",
  "modified": "2024-02-09T16:55:53Z",
  "published": "2022-05-02T00:08:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4308"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20090228052951/http://secunia.com/advisories/34057"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20111229174634/http://www.securityfocus.com/archive/1/501250"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20201207165808/http://www.securityfocus.com/bid/33913"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN66905322/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Tomcat information disclosure vulnerability"
}

cve-2008-4308

Vulnerability from jvndb

Published

2009-02-26 15:28

Modified

2009-02-26 15:28

Severity ?

() - -

Summary

Apache Tomcat information disclosure vulnerability

Details

Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN66905322/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4308
	SECUNIA	http://secunia.com/advisories/34057/
	BID	http://www.securityfocus.com/bid/33913
	VUPEN	http://www.vupen.com/english/advisories/2009/0541
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Apache Software Foundation	Apache Tomcat
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000010.html",
  "dc:date": "2009-02-26T15:28+09:00",
  "dcterms:issued": "2009-02-26T15:28+09:00",
  "dcterms:modified": "2009-02-26T15:28+09:00",
  "description": "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. \r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request.\r\n\r\nThis vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000010.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000010",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN66905322/index.html",
      "@id": "JVN#66905322",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308",
      "@id": "CVE-2008-4308",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4308",
      "@id": "CVE-2008-4308",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/34057/",
      "@id": "SA34057",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/33913",
      "@id": "33913",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/0541",
      "@id": "VUPEN/ADV-2009-0541",
      "@source": "VUPEN"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
      "@id": "JVNDB-2009-000010",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Apache Tomcat information disclosure vulnerability"
}

gsd-2008-4308

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2008-4308

Aliases

CVE-2008-4308

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-4308",
    "description": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
    "id": "GSD-2008-4308",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-4308.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-4308"
      ],
      "details": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.",
      "id": "GSD-2008-4308",
      "modified": "2023-12-13T01:22:59.954904Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-4308",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN66905322/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN66905322/index.html"
          },
          {
            "name": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
            "refsource": "MISC",
            "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html"
          },
          {
            "name": "http://secunia.com/advisories/34057",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34057"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/501250",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/501250"
          },
          {
            "name": "http://www.securityfocus.com/bid/33913",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/33913"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/0541",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/0541"
          },
          {
            "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
            "refsource": "MISC",
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-4308"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "34057",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34057"
            },
            {
              "name": "ADV-2009-0541",
              "refsource": "VUPEN",
              "tags": [
                "Patch"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0541"
            },
            {
              "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
            },
            {
              "name": "JVNDB-2009-000010",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html"
            },
            {
              "name": "33913",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33913"
            },
            {
              "name": "JVN#66905322",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN66905322/index.html"
            },
            {
              "name": "20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/501250"
            },
            {
              "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:19Z",
      "publishedDate": "2009-02-26T23:30Z"
    }
  }
}

fkie_cve-2008-4308

Vulnerability from fkie_nvd

Published

2009-02-26 23:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN66905322/index.html
secalert@redhat.com	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
secalert@redhat.com	http://secunia.com/advisories/34057	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/501250
secalert@redhat.com	http://www.securityfocus.com/bid/33913
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/0541	Patch
secalert@redhat.com	https://issues.apache.org/bugzilla/show_bug.cgi?id=40771	Exploit, Vendor Advisory
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN66905322/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34057	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/501250
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33913
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0541	Patch
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/bugzilla/show_bug.cgi?id=40771	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

Vendor	Product	Version
apache	tomcat	4.1.32
apache	tomcat	4.1.33
apache	tomcat	4.1.34
apache	tomcat	5.5.10
apache	tomcat	5.5.11
apache	tomcat	5.5.12
apache	tomcat	5.5.13
apache	tomcat	5.5.14
apache	tomcat	5.5.15
apache	tomcat	5.5.16
apache	tomcat	5.5.17
apache	tomcat	5.5.18
apache	tomcat	5.5.19
apache	tomcat	5.5.20

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request."
    },
    {
      "lang": "es",
      "value": "El m\u00e9todo doRead en Apache Tomcat v4.1.32 hasta v4.1.34 y v5.5.10 hasta v5.5.20 no devuelve un -1 para indicar que una cierta condici\u00f3n de error ha ocurrido, lo que puede causar Tomcat enviar un contenido POST desde una petici\u00f3n a diferentes peticiones."
    }
  ],
  "id": "CVE-2008-4308",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-02-26T23:30:00.203",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://jvn.jp/en/jp/JVN66905322/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34057"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/501250"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/33913"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0541"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN66905322/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/501250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2009-AVI-082

Vulnerability from certfr_avis

Une vulnérabilité affectant Apache Tomcat permet à une personne malintentionnée de porter atteinte à la confidentialité des données.

Description

Une erreur dans le traitement des données envoyées via la méthode POST par Apache Tomcat permet à une personne malintentionnée d'obtenir les données envoyées via le requêtes POST précédente.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	Tomcat	Apache Tomcat versions 5.5.10 à 5.5.20.
	Apache	Tomcat	Apache Tomcat versions 4.1.32 à 4.1.34 ;

References

Title

Publication Time

var-200902-0677

Vulnerability from variot

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.A remote attacker could possibly obtain user credentials such as password, session ID, user ID, etc. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. They have confirmed that Apache Tomcat 6.0.x is not affected. Remote attackers can exploit this issue to obtain sensitive data stored on the server. Information obtained may lead to further attacks. Publication of this issue was then postponed until now at the request of the reporter. For a vulnerability to exist the content read from the input stream must be disclosed, eg via writing it to the response and committing the response, before the ArrayIndexOutOfBoundsException occurs which will halt processing of the request.

Mitigation: Upgrade to: 4.1.35 or later 5.5.21 or later 6.0.0 or later

Example: See original bug report for example of how to create the error condition.

Credit: This issue was discovered by Fujitsu and reported to the Tomcat Security Team via JPCERT.

References: http://tomcat.apache.org/security.html

Mark Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJpdGRb7IeiTPGAkMRAkK+AKC1m5WunqOmwuFYSYEoASF/AokgDQCffmxM U3IdbfYNVtRIzCW5XTvhv2E= =rJGg -----END PGP SIGNATURE----- . ----------------------------------------------------------------------

Did you know? Our assessment and impact rating along with detailed information such as exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list?

Click here to learn more about our commercial solutions: http://secunia.com/advisories/business_solutions/

Click here to trial our solutions: http://secunia.com/advisories/try_vi/

TITLE: Apache Tomcat POST Content Disclosure Vulnerability

SECUNIA ADVISORY ID: SA34057

VERIFY ADVISORY: http://secunia.com/advisories/34057/

DESCRIPTION: A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to potentially disclose sensitive information.

The vulnerability is reported in versions 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Fujitsu, reporting via JPCERT.

ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.mail-archive.com/users@tomcat.apache.org/msg57428.html

JVN: http://jvn.jp/jp/JVN66905322/index.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200902-0677",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "4.1.34"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.33"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "4.1.32 to 4.1.34"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "5.5.10 to 5.5.20"
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.21"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1.35"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:tomcat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fujitsu",
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-4308",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2008-4308",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2009-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-4308",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2009-000010",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200902-617",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.A remote attacker could possibly obtain user credentials such as password, session ID, user ID, etc. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. They have confirmed that Apache Tomcat 6.0.x is not affected. \nRemote attackers can exploit this issue to obtain sensitive data stored on the server. Information obtained may lead to further attacks. Publication of this issue was then\npostponed until now at the request of the reporter. For\na vulnerability to exist the content read from the input stream must be\ndisclosed, eg via writing it to the response and committing the\nresponse, before the ArrayIndexOutOfBoundsException occurs which will\nhalt processing of the request. \n\nMitigation:\nUpgrade to:\n4.1.35 or later\n5.5.21 or later\n6.0.0 or later\n\nExample:\nSee original bug report for example of how to create the error condition. \n\nCredit:\nThis issue was discovered by Fujitsu and reported to the Tomcat Security\nTeam via JPCERT. \n\nReferences:\nhttp://tomcat.apache.org/security.html\n\nMark Thomas\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFJpdGRb7IeiTPGAkMRAkK+AKC1m5WunqOmwuFYSYEoASF/AokgDQCffmxM\nU3IdbfYNVtRIzCW5XTvhv2E=\n=rJGg\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nDid you know? Our assessment and impact rating along with detailed\ninformation such as exploit code availability, or if an updated patch\nis released by the vendor, is not part of this mailing-list?\n        \nClick here to learn more about our commercial solutions:\nhttp://secunia.com/advisories/business_solutions/\n        \nClick here to trial our solutions:\nhttp://secunia.com/advisories/try_vi/\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Tomcat POST Content Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA34057\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34057/\n\nDESCRIPTION:\nA vulnerability has been reported in Apache Tomcat, which can be\nexploited by malicious people to potentially disclose sensitive\ninformation.      \n\nThe vulnerability is reported in versions 4.1.32 through 4.1.34 and\n5.5.10 through 5.5.20. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Fujitsu, reporting via JPCERT. \n\nORIGINAL ADVISORY:\nApache Tomcat:\nhttp://tomcat.apache.org/security-4.html\nhttp://tomcat.apache.org/security-5.html\nhttp://www.mail-archive.com/users@tomcat.apache.org/msg57428.html\n\nJVN:\nhttp://jvn.jp/jp/JVN66905322/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010",
        "trust": 3.2
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "33913",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "34057",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVN66905322",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0541",
        "trust": 2.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "75211",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "75254",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "id": "VAR-200902-0677",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.17203079500000001
  },
  "last_update_date": "2024-11-23T22:23:47.410000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Tomcat 4.x vulnerabilities CVE-2008-4308",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "title": "Apache Tomcat 5.x vulnerabilities CVE-2008-4308",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "title": "Security Updates",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security"
      },
      {
        "title": "Bug 40771",
        "trust": 0.8,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
      },
      {
        "title": "JVN#66905322",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-66905322.html"
      },
      {
        "title": "interstage-200901",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200901e.html"
      },
      {
        "title": "Apache Tomcat POST Data Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=90958"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.securityfocus.com/bid/33913"
      },
      {
        "trust": 2.4,
        "url": "http://jvn.jp/en/jp/jvn66905322/index.html"
      },
      {
        "trust": 2.4,
        "url": "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-000010.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.vupen.com/english/advisories/2009/0541"
      },
      {
        "trust": 1.9,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/34057"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/501250"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/34057/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4308"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4308"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.4,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "trust": 0.4,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.mail-archive.com/users@tomcat.apache.org/msg57428.html"
      },
      {
        "trust": 0.3,
        "url": "http://tomcat.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/501250"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200901e.html"
      },
      {
        "trust": 0.1,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4308"
      },
      {
        "trust": 0.1,
        "url": "http://tomcat.apache.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://jvn.jp/jp/jvn66905322/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-02-25T00:00:00",
        "db": "BID",
        "id": "33913"
      },
      {
        "date": "2009-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "date": "2009-02-26T19:20:39",
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "date": "2009-02-27T10:55:31",
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "date": "2009-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "date": "2009-02-26T23:30:00.203000",
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-02-26T17:07:00",
        "db": "BID",
        "id": "33913"
      },
      {
        "date": "2009-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "date": "2024-11-21T00:51:21.463000",
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat POST Data Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-4308 (GCVE-0-2008-4308)

Vulnerability from cvelistv5

ghsa-7g59-hm8v-cwmc

Vulnerability from github

cve-2008-4308

Vulnerability from jvndb

gsd-2008-4308

Vulnerability from gsd

fkie_cve-2008-4308

Vulnerability from fkie_nvd

CERTA-2009-AVI-082

Vulnerability from certfr_avis

Description

Solution

var-200902-0677

Vulnerability from variot

Tags

Sightings

Nomenclature