Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2008-4308
Last Modified 27 Feb 2009 12:00:00
Published 26 Feb 2009 06:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-4308

Summary

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Vulnerable Systems

Application

  • Apache Tomcat 4.1.32

  • Apache Tomcat 4.1.33

  • Apache Tomcat 4.1.34

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.20


References

VUPEN - ADV-2009-0541

MISC - https://issues.apache.org/bugzilla/show_bug.cgi?id=40771

BID - 33913

BUGTRAQ - 20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability

SECUNIA - 34057

JVNDB - JVNDB-2009-000010

JVN - JVN#66905322


Last Updated: 27 May 2016 10:48:27