var-200902-0677
Vulnerability from variot

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However, there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, the Apache Tomcat Development Team has decided to publish an advisory regarding this issue. A remote attacker could possibly obtain user credentials such as password, session ID, user ID, etc. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. They have confirmed that Apache Tomcat 6.0.x is not affected.

Remote attackers can exploit this issue to obtain sensitive data stored on the server. Information obtained may lead to further attacks.

Publication of this issue was then postponed until now at the request of the reporter. For a vulnerability to exist, the content read from the input stream must be disclosed, e.g. via writing it to the response and committing the response, before the ArrayIndexOutOfBoundsException occurs which will halt processing of the request.

Mitigation: Upgrade to:
4.1.35 or later
5.5.21 or later
6.0.0 or later

Example: See original bug report for example of how to create the error condition.

Credit: This issue was discovered by Fujitsu and reported to the Tomcat Security Team via JPCERT.

References: http://tomcat.apache.org/security.html

Mark Thomas



TITLE: Apache Tomcat POST Content Disclosure Vulnerability

SECUNIA ADVISORY ID: SA34057

VERIFY ADVISORY: http://secunia.com/advisories/34057/

DESCRIPTION: A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to potentially disclose sensitive information.

The vulnerability is reported in versions 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20.

PROVIDED AND/OR DISCOVERED BY: The vendor credits Fujitsu, reporting via JPCERT.

ORIGINAL ADVISORY: Apache Tomcat:
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.mail-archive.com/users@tomcat.apache.org/msg57428.html

JVN: http://jvn.jp/jp/JVN66905322/index.html




{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200902-0677",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "5.5.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "4.1.34"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "5.5.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.32"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.33"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "4.1.32 to 4.1.34"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "5.5.10 to 5.5.20"
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.5.21"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1.35"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:tomcat",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fujitsu",
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-4308",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "CVE-2008-4308",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.0,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2009-000010",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2008-4308",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2009-000010",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200902-617",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.A remote attacker could possibly obtain user credentials such as password, session ID, user ID, etc. According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. They have confirmed that Apache Tomcat 6.0.x is not affected. \nRemote attackers can exploit this issue to obtain sensitive data stored on the server. Information obtained may lead to further attacks. Publication of this issue was then\npostponed until now at the request of the reporter. For\na vulnerability to exist the content read from the input stream must be\ndisclosed, eg via writing it to the response and committing the\nresponse, before the ArrayIndexOutOfBoundsException occurs which will\nhalt processing of the request. \n\nMitigation:\nUpgrade to:\n4.1.35 or later\n5.5.21 or later\n6.0.0 or later\n\nExample:\nSee original bug report for example of how to create the error condition. \n\nCredit:\nThis issue was discovered by Fujitsu and reported to the Tomcat Security\nTeam via JPCERT. 
\n\nReferences:\nhttp://tomcat.apache.org/security.html\n\nMark Thomas\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFJpdGRb7IeiTPGAkMRAkK+AKC1m5WunqOmwuFYSYEoASF/AokgDQCffmxM\nU3IdbfYNVtRIzCW5XTvhv2E=\n=rJGg\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\nDid you know? Our assessment and impact rating along with detailed\ninformation such as exploit code availability, or if an updated patch\nis released by the vendor, is not part of this mailing-list?\n        \nClick here to learn more about our commercial solutions:\nhttp://secunia.com/advisories/business_solutions/\n        \nClick here to trial our solutions:\nhttp://secunia.com/advisories/try_vi/\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Tomcat POST Content Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA34057\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/34057/\n\nDESCRIPTION:\nA vulnerability has been reported in Apache Tomcat, which can be\nexploited by malicious people to potentially disclose sensitive\ninformation.      \n\nThe vulnerability is reported in versions 4.1.32 through 4.1.34 and\n5.5.10 through 5.5.20. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Fujitsu, reporting via JPCERT. \n\nORIGINAL ADVISORY:\nApache Tomcat:\nhttp://tomcat.apache.org/security-4.html\nhttp://tomcat.apache.org/security-5.html\nhttp://www.mail-archive.com/users@tomcat.apache.org/msg57428.html\n\nJVN:\nhttp://jvn.jp/jp/JVN66905322/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010",
        "trust": 3.2
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "33913",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "34057",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVN66905322",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-0541",
        "trust": 2.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "75211",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "75254",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "id": "VAR-200902-0677",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.17203079500000001
  },
  "last_update_date": "2024-11-23T22:23:47.410000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apache Tomcat 4.x vulnerabilities CVE-2008-4308",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "title": "Apache Tomcat 5.x vulnerabilities CVE-2008-4308",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "title": "Security Updates",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security"
      },
      {
        "title": "Bug 40771",
        "trust": 0.8,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
      },
      {
        "title": "JVN#66905322",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/jvn-66905322.html"
      },
      {
        "title": "interstage-200901",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200901e.html"
      },
      {
        "title": "Apache Tomcat POST Data Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=90958"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.securityfocus.com/bid/33913"
      },
      {
        "trust": 2.4,
        "url": "http://jvn.jp/en/jp/jvn66905322/index.html"
      },
      {
        "trust": 2.4,
        "url": "http://jvndb.jvn.jp/ja/contents/2009/jvndb-2009-000010.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.vupen.com/english/advisories/2009/0541"
      },
      {
        "trust": 1.9,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/34057"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/501250"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/34057/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4308"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4308"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.4,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "trust": 0.4,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.mail-archive.com/users@tomcat.apache.org/msg57428.html"
      },
      {
        "trust": 0.3,
        "url": "http://tomcat.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/501250"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200901e.html"
      },
      {
        "trust": 0.1,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4308"
      },
      {
        "trust": 0.1,
        "url": "http://tomcat.apache.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://jvn.jp/jp/jvn66905322/index.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-02-25T00:00:00",
        "db": "BID",
        "id": "33913"
      },
      {
        "date": "2009-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "date": "2009-02-26T19:20:39",
        "db": "PACKETSTORM",
        "id": "75211"
      },
      {
        "date": "2009-02-27T10:55:31",
        "db": "PACKETSTORM",
        "id": "75254"
      },
      {
        "date": "2009-02-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "date": "2009-02-26T23:30:00.203000",
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-02-26T17:07:00",
        "db": "BID",
        "id": "33913"
      },
      {
        "date": "2009-02-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-000010"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      },
      {
        "date": "2024-11-21T00:51:21.463000",
        "db": "NVD",
        "id": "CVE-2008-4308"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat POST Data Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "33913"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200902-617"
      }
    ],
    "trust": 0.6
  }
}

