Vulnerability-Lookup

CVE-2008-3271 (GCVE-0-2008-3271)

Vulnerability from cvelistv5 – Published: 2008-10-13 18:00 – Updated: 2024-08-07 09:28

Summary

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
	http://www.fujitsu.com/global/support/software/se…	x_refsource_CONFIRM
	http://www.nec.co.jp/security-info/secinfo/nv09-0…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/2800	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/32234	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/497220/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/32398	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://issues.apache.org/bugzilla/show_bug.cgi?i…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/1818	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/4396	third-party-advisoryx_refsource_SREASON
	http://www.securityfocus.com/bid/31698	vdb-entryx_refsource_BID
	http://secunia.com/advisories/35684	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2793	vdb-entryx_refsource_VUPEN
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1021039	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://jvn.jp/en/jp/JVN30732239/index.html	third-party-advisoryx_refsource_JVN
	http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-0…	third-party-advisoryx_refsource_JVNDB
	http://secunia.com/advisories/32213	third-party-advisoryx_refsource_SECUNIA
	https://lists.apache.org/thread.html/29dc6c2b6257…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/c62b0e3a7bf2…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb71997f506c…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:41.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
          },
          {
            "name": "ADV-2008-2800",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2800"
          },
          {
            "name": "32234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32234"
          },
          {
            "name": "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
          },
          {
            "name": "32398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32398"
          },
          {
            "name": "SUSE-SR:2008:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
          },
          {
            "name": "ADV-2009-1818",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1818"
          },
          {
            "name": "4396",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4396"
          },
          {
            "name": "31698",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31698"
          },
          {
            "name": "35684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35684"
          },
          {
            "name": "ADV-2008-2793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "1021039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021039"
          },
          {
            "name": "apache-tomcat-valve-security-bypass(45791)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
          },
          {
            "name": "JVN#30732239",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
          },
          {
            "name": "JVNDB-2008-000069",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
          },
          {
            "name": "32213",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32213"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:42.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
        },
        {
          "name": "ADV-2008-2800",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2800"
        },
        {
          "name": "32234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32234"
        },
        {
          "name": "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
        },
        {
          "name": "32398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32398"
        },
        {
          "name": "SUSE-SR:2008:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
        },
        {
          "name": "ADV-2009-1818",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1818"
        },
        {
          "name": "4396",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4396"
        },
        {
          "name": "31698",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31698"
        },
        {
          "name": "35684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35684"
        },
        {
          "name": "ADV-2008-2793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "1021039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021039"
        },
        {
          "name": "apache-tomcat-valve-security-bypass(45791)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
        },
        {
          "name": "JVN#30732239",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
        },
        {
          "name": "JVNDB-2008-000069",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
        },
        {
          "name": "32213",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32213"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3271",
    "datePublished": "2008-10-13T18:00:00.000Z",
    "dateReserved": "2008-07-24T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:28:41.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

JVNDB-2008-000069

Vulnerability from jvndb - Published: 2008-10-10 15:44 - Updated:2009-07-08 11:38

Severity ?

N/A (UNKNOWN) - -

Summary

Apache Tomcat allows access from a non-permitted IP address

Details

Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN30732239/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271
	SECUNIA	http://secunia.com/advisories/32234
	SECUNIA	http://secunia.com/advisories/32213/
	BID	http://www.securityfocus.com/bid/31698
	FRSIRT	http://www.frsirt.com/english/advisories/2008/2793
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Apache Software Foundation	Apache Tomcat
	FUJITSU	Interstage Application Framework Suite
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Apworks
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Job Workload Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server
	NEC Corporation	WebOTX Application Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
  "dc:date": "2009-07-08T11:38+09:00",
  "dcterms:issued": "2008-10-10T15:44+09:00",
  "dcterms:modified": "2009-07-08T11:38+09:00",
  "description": "Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. \r\n\r\nThis vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. \r\n\r\nKenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:webotx_application_server",
      "@product": "WebOTX Application Server",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000069",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN30732239/index.html",
      "@id": "JVN#30732239",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271",
      "@id": "CVE-2008-3271",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271",
      "@id": "CVE-2008-3271",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/32234",
      "@id": "SA32234",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://secunia.com/advisories/32213/",
      "@id": "SA32213",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/31698",
      "@id": "31698",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/2793",
      "@id": "FrSIRT/ADV-2008-2793",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Apache Tomcat allows access from a non-permitted IP address"
}

CERTA-2008-AVI-511

Vulnerability from certfr_avis - Published: 2008-10-15 - Updated: 2008-10-15

Une vulnérabilité a été découverte dans Apache Tomcat. L'exploitation de cette vulnérabilité permet de contourner la politique de sécurité.

Description

Une vulnérabilité a été découverte dans les versions 4 et 5 du serveur applicatif Apache Tomcat. Cette vulnérabilité résulte d'une mauvaise gestion de la synchronisation au moment du contrôle des adresses IP accédant à un filter valve et permet à un utilisateur mal intentionné d'accéder au serveur dans un contexte privilégié.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	Tomcat	Apache Tomcat versions 4.1.31 et versions antérieures ;
	Apache	Tomcat	Apache Tomcat versions 5.5.0 et versions antérieures.

References

Title

Publication Time

GSD-2008-3271

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3271

Aliases

CVE-2008-3271

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3271",
    "description": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
    "id": "GSD-2008-3271",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3271.html",
      "https://access.redhat.com/errata/RHSA-2008:1007"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3271"
      ],
      "details": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
      "id": "GSD-2008-3271",
      "modified": "2023-12-13T01:23:05.457038Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-3271",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tomcat.apache.org/security-4.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN30732239/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
          },
          {
            "name": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
            "refsource": "MISC",
            "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
          },
          {
            "name": "http://secunia.com/advisories/32213",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32213"
          },
          {
            "name": "http://secunia.com/advisories/32234",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32234"
          },
          {
            "name": "http://secunia.com/advisories/32398",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32398"
          },
          {
            "name": "http://secunia.com/advisories/35684",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35684"
          },
          {
            "name": "http://securityreason.com/securityalert/4396",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/4396"
          },
          {
            "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html",
            "refsource": "MISC",
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
          },
          {
            "name": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html",
            "refsource": "MISC",
            "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/497220/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/31698",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/31698"
          },
          {
            "name": "http://www.securitytracker.com/id?1021039",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1021039"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/2793",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/2793"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/2800",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/2800"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1818",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1818"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
          },
          {
            "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835",
            "refsource": "MISC",
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-3271"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31698",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31698"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "32234",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32234"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
            },
            {
              "name": "JVN#30732239",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
            },
            {
              "name": "32213",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32213"
            },
            {
              "name": "1021039",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021039"
            },
            {
              "name": "32398",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32398"
            },
            {
              "name": "SUSE-SR:2008:023",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
            },
            {
              "name": "4396",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4396"
            },
            {
              "name": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
            },
            {
              "name": "ADV-2009-1818",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1818"
            },
            {
              "name": "35684",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35684"
            },
            {
              "name": "JVNDB-2008-000069",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
            },
            {
              "name": "ADV-2008-2793",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2793"
            },
            {
              "name": "ADV-2008-2800",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2800"
            },
            {
              "name": "apache-tomcat-valve-security-bypass(45791)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
            },
            {
              "name": "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
            },
            {
              "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:19Z",
      "publishedDate": "2008-10-13T20:00Z"
    }
  }
}

GHSA-5JPG-MJVG-HFHP

Vulnerability from github – Published: 2022-05-01 23:58 – Updated: 2022-05-01 23:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3271"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-13T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
  "id": "GHSA-5jpg-mjvg-hfhp",
  "modified": "2022-05-01T23:58:23Z",
  "published": "2022-05-01T23:58:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32213"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32234"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32398"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35684"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4396"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31698"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021039"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2793"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2800"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1818"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-3271

Vulnerability from fkie_nvd - Published: 2008-10-13 20:00 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN30732239/index.html
secalert@redhat.com	http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
secalert@redhat.com	http://secunia.com/advisories/32213	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32234	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32398	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/35684
secalert@redhat.com	http://securityreason.com/securityalert/4396
secalert@redhat.com	http://tomcat.apache.org/security-4.html	Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-5.html
secalert@redhat.com	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
secalert@redhat.com	http://www.nec.co.jp/security-info/secinfo/nv09-006.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/497220/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/31698
secalert@redhat.com	http://www.securitytracker.com/id?1021039
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2793
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2800
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1818
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
secalert@redhat.com	https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN30732239/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32213	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32234	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32398	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35684
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/4396
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-4.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-5.html
af854a3a-2127-422b-91ae-364da2661108	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.nec.co.jp/security-info/secinfo/nv09-006.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/497220/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31698
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1021039
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2793
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2800
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1818
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

Vendor	Product	Version
apache	tomcat	4.1.0
apache	tomcat	4.1.1
apache	tomcat	4.1.2
apache	tomcat	4.1.3
apache	tomcat	4.1.3
apache	tomcat	4.1.4
apache	tomcat	4.1.5
apache	tomcat	4.1.6
apache	tomcat	4.1.7
apache	tomcat	4.1.8
apache	tomcat	4.1.9
apache	tomcat	4.1.10
apache	tomcat	4.1.11
apache	tomcat	4.1.12
apache	tomcat	4.1.13
apache	tomcat	4.1.14
apache	tomcat	4.1.15
apache	tomcat	4.1.16
apache	tomcat	4.1.17
apache	tomcat	4.1.18
apache	tomcat	4.1.19
apache	tomcat	4.1.20
apache	tomcat	4.1.21
apache	tomcat	4.1.22
apache	tomcat	4.1.23
apache	tomcat	4.1.24
apache	tomcat	4.1.25
apache	tomcat	4.1.26
apache	tomcat	4.1.27
apache	tomcat	4.1.28
apache	tomcat	4.1.29
apache	tomcat	4.1.30
apache	tomcat	4.1.31
apache	tomcat	5.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B7E52BE7-5281-4430-8846-E41CF34FC214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "02860646-1D72-4D9A-AE2A-5868C8EDB3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE4B9B5-9C2E-47E1-9483-88A17264594F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BE92A9B-4B8C-468E-9162-A56ED5313E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE21D455-5B38-4B07-8E25-4EE782501EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "084B3227-FE22-43E3-AE06-7BB257018690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D536FF4-7582-4351-ABE3-876E20F8E7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DDD82E-5D83-4581-B2F3-F12655BBF817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0F0C91-171E-421D-BE86-11567DEFC7BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22D2621-D305-43CE-B00D-9A7563B061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F4245BA-B05C-49DE-B2E0-1E588209ED3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "8633532B-9785-4259-8840-B08529E20DCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EA52901-2D16-4F7E-BF5E-780B42A55D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "94941F86-0BBF-4F30-8F13-FB895A11ED69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
    },
    {
      "lang": "es",
      "value": "Apache Tomcat 5.5.0 y 4.1.0 hasta la 4.1.31 permite a atacantes remotos eludir una restricci\u00f3n de direcci\u00f3n IP y obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud \r\nque se tramita simult\u00e1neamente con otra petici\u00f3n, pero en otro hilo, lo que lleva a una sobreescritura de una variable de instancia asociada con un \"problema de sincronizaci\u00f3n\" y con un fallo de seguridad en la implementaci\u00f3n de los hilos, relacionada con RemoteFilterValve, RemoteAddrValve, y RemoteHostValve."
    }
  ],
  "id": "CVE-2008-3271",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-13T20:00:02.057",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32213"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32234"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32398"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35684"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityreason.com/securityalert/4396"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/31698"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1021039"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2793"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/2800"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1818"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2793"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3271 (GCVE-0-2008-3271)

JVNDB-2008-000069

CERTA-2008-AVI-511

Description

Solution

GSD-2008-3271

GHSA-5JPG-MJVG-HFHP

FKIE_CVE-2008-3271

Tags

Sightings

Nomenclature