Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-3271
Last Modified 07 Mar 2011 10:10:31
Published 13 Oct 2008 04:00:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3271

Summary

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Vulnerable Systems

Application

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.11

  • Apache Tomcat 4.1.12

  • Apache Tomcat 4.1.13

  • Apache Tomcat 4.1.14

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.16

  • Apache Tomcat 4.1.17

  • Apache Tomcat 4.1.18

  • Apache Tomcat 4.1.19

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.20

  • Apache Tomcat 4.1.21

  • Apache Tomcat 4.1.22

  • Apache Tomcat 4.1.23

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.25

  • Apache Tomcat 4.1.26

  • Apache Tomcat 4.1.27

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.29

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.30

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.4

  • Apache Tomcat 4.1.5

  • Apache Tomcat 4.1.6

  • Apache Tomcat 4.1.7

  • Apache Tomcat 4.1.8

  • Apache Tomcat 4.1.9

  • Apache Tomcat 5.5.0


References

CONFIRM - https://issues.apache.org/bugzilla/show_bug.cgi?id=25835

XF - apache-tomcat-valve-security-bypass(45791)

VUPEN - ADV-2009-1818

VUPEN - ADV-2008-2800

VUPEN - ADV-2008-2793

SECTRACK - 1021039

BID - 31698

BUGTRAQ - 20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure

CONFIRM - http://www.nec.co.jp/security-info/secinfo/nv09-006.html

CONFIRM - http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://tomcat.apache.org/security-4.html

SREASON - 4396

SECUNIA - 35684

SECUNIA - 32398

SECUNIA - 32234

SECUNIA - 32213

SUSE - SUSE-SR:2008:023

JVNDB - JVNDB-2008-000069

JVN - JVN#30732239


Last Updated: 27 May 2016 10:48:08