5.8

CVE-2008-0002

EPSS 4.1%
Published 12.02.2008 01:00:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Affected products Warnungen 0 Metrics 2 CWE 0 References 26

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tomcat Version6.0.5

Apache ≫ Tomcat Version6.0.6

Apache ≫ Tomcat Version6.0.7

Apache ≫ Tomcat Version6.0.8

Apache ≫ Tomcat Version6.0.9

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.12

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.1%	0.875

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

http://tomcat.apache.org/security-6.html

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.vupen.com/english/advisories/2009/3316

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

http://secunia.com/advisories/32222

http://support.apple.com/kb/HT3216

http://www.securityfocus.com/bid/31681

http://www.vupen.com/english/advisories/2008/2780

http://marc.info/?l=bugtraq&m=139344343412337&w=2

http://secunia.com/advisories/29711

http://secunia.com/advisories/37460

http://secunia.com/advisories/57126

http://security.gentoo.org/glsa/glsa-200804-10.xml

http://secunia.com/advisories/28915

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html

http://www.vupen.com/english/advisories/2008/0488

http://secunia.com/advisories/28834

http://securityreason.com/securityalert/3638

http://www.securityfocus.com/archive/1/487812/100/0/threaded

http://www.securityfocus.com/bid/27703

https://nvd.nist.gov/vuln/detail/CVE-2008-0002

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0002

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0002

EUVD