2.6

CVE-2008-4308

Exploit
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version4.1.32
ApacheTomcat Version4.1.33
ApacheTomcat Version4.1.34
ApacheTomcat Version5.5.10
ApacheTomcat Version5.5.11
ApacheTomcat Version5.5.12
ApacheTomcat Version5.5.13
ApacheTomcat Version5.5.14
ApacheTomcat Version5.5.15
ApacheTomcat Version5.5.16
ApacheTomcat Version5.5.17
ApacheTomcat Version5.5.18
ApacheTomcat Version5.5.19
ApacheTomcat Version5.5.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.91% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://jvn.jp/en/jp/JVN66905322/index.html
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
http://secunia.com/advisories/34057
Vendor Advisory
http://www.securityfocus.com/archive/1/501250
http://www.securityfocus.com/bid/33913
http://www.vupen.com/english/advisories/2009/0541
Patch
https://issues.apache.org/bugzilla/show_bug.cgi?id=40771
Vendor Advisory
Exploit