5.8

CVE-2008-0002

EPSS 4.1%
Veröffentlicht 12.02.2008 01:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 26

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version6.0.5

Apache ≫ Tomcat Version6.0.6

Apache ≫ Tomcat Version6.0.7

Apache ≫ Tomcat Version6.0.8

Apache ≫ Tomcat Version6.0.9

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.12

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.1%	0.875

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://tomcat.apache.org/security-6.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://secunia.com/advisories/32222

http://support.apple.com/kb/HT3216

http://www.securityfocus.com/bid/31681

http://www.vupen.com/english/advisories/2008/2780

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://secunia.com/advisories/29711

http://secunia.com/advisories/37460

http://secunia.com/advisories/57126

http://security.gentoo.org/glsa/glsa-200804-10.xml

http://secunia.com/advisories/28915

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html

http://www.vupen.com/english/advisories/2008/0488

http://secunia.com/advisories/28834

http://securityreason.com/securityalert/3638

http://www.securityfocus.com/archive/1/487812/100/0/threaded

http://www.securityfocus.com/bid/27703

https://nvd.nist.gov/vuln/detail/CVE-2008-0002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0002

EUVD