Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0002

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-0002
Last Modified 15 Mar 2014 11:22:37
Published 11 Feb 2008 08:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0002

Summary

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Vulnerable Systems

Application

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9


References

FEDORA - FEDORA-2008-1603

FEDORA - FEDORA-2008-1467

VUPEN - ADV-2009-3316

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-0488

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

BID - 31681

BID - 27703

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20080208 CVE-2008-0002: Tomcat information disclosure vulnerability

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://support.apple.com/kb/HT3216

SREASON - 3638

GENTOO - GLSA-200804-10

SECUNIA - 37460

SECUNIA - 32222

SECUNIA - 29711

SECUNIA - 28915

SECUNIA - 28834

SUSE - SUSE-SR:2009:004

APPLE - APPLE-SA-2008-10-09

HP - HPSBST02955

SECUNIA - 57126

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)


Last Updated: 27 May 2016 10:47:32