cvelistv5 - CVE-2008-3271

CVE-2008-3271

Vulnerability from cvelistv5

Published

2008-10-13 18:00

Modified

2024-08-07 09:28

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://jvn.jp/en/jp/JVN30732239/index.html
secalert@redhat.com	http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
secalert@redhat.com	http://secunia.com/advisories/32213	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32234	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/32398	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/35684
secalert@redhat.com	http://securityreason.com/securityalert/4396
secalert@redhat.com	http://tomcat.apache.org/security-4.html	Vendor Advisory
secalert@redhat.com	http://tomcat.apache.org/security-5.html
secalert@redhat.com	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
secalert@redhat.com	http://www.nec.co.jp/security-info/secinfo/nv09-006.html
secalert@redhat.com	http://www.securityfocus.com/archive/1/497220/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/31698
secalert@redhat.com	http://www.securitytracker.com/id?1021039
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2793
secalert@redhat.com	http://www.vupen.com/english/advisories/2008/2800
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1818
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
secalert@redhat.com	https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
secalert@redhat.com	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:28:41.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
          },
          {
            "name": "ADV-2008-2800",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2800"
          },
          {
            "name": "32234",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32234"
          },
          {
            "name": "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
          },
          {
            "name": "32398",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32398"
          },
          {
            "name": "SUSE-SR:2008:023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
          },
          {
            "name": "ADV-2009-1818",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1818"
          },
          {
            "name": "4396",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4396"
          },
          {
            "name": "31698",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31698"
          },
          {
            "name": "35684",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35684"
          },
          {
            "name": "ADV-2008-2793",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "1021039",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021039"
          },
          {
            "name": "apache-tomcat-valve-security-bypass(45791)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
          },
          {
            "name": "JVN#30732239",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
          },
          {
            "name": "JVNDB-2008-000069",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
          },
          {
            "name": "32213",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32213"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:42",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
        },
        {
          "name": "ADV-2008-2800",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2800"
        },
        {
          "name": "32234",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32234"
        },
        {
          "name": "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
        },
        {
          "name": "32398",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32398"
        },
        {
          "name": "SUSE-SR:2008:023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
        },
        {
          "name": "ADV-2009-1818",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1818"
        },
        {
          "name": "4396",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4396"
        },
        {
          "name": "31698",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31698"
        },
        {
          "name": "35684",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35684"
        },
        {
          "name": "ADV-2008-2793",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "1021039",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021039"
        },
        {
          "name": "apache-tomcat-valve-security-bypass(45791)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
        },
        {
          "name": "JVN#30732239",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
        },
        {
          "name": "JVNDB-2008-000069",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
        },
        {
          "name": "32213",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32213"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-3271",
    "datePublished": "2008-10-13T18:00:00",
    "dateReserved": "2008-07-24T00:00:00",
    "dateUpdated": "2024-08-07T09:28:41.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-3271\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-10-13T20:00:02.057\",\"lastModified\":\"2023-02-13T02:19:17.897\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \\\"synchronization problem\\\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat 5.5.0 y 4.1.0 hasta la 4.1.31 permite a atacantes remotos eludir una restricci\u00f3n de direcci\u00f3n IP y obtener informaci\u00f3n sensible a trav\u00e9s de una solicitud \\r\\nque se tramita simult\u00e1neamente con otra petici\u00f3n, pero en otro hilo, lo que lleva a una sobreescritura de una variable de instancia asociada con un \\\"problema de sincronizaci\u00f3n\\\" y con un fallo de seguridad en la implementaci\u00f3n de los hilos, relacionada con RemoteFilterValve, RemoteAddrValve, y RemoteHostValve.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E300013-0CE7-4313-A553-74A6A247B3E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08D7414-8D0C-45D6-8E87-679DF0201D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60CFD9CA-1878-4C74-A9BD-5D581736E6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E52BE7-5281-4430-8846-E41CF34FC214\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02860646-1D72-4D9A-AE2A-5868C8EDB3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE4B9B5-9C2E-47E1-9483-88A17264594F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE92A9B-4B8C-468E-9162-A56ED5313E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE21D455-5B38-4B07-8E25-4EE782501EB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C92F3744-C8F9-4E29-BF1A-25E03A32F2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084B3227-FE22-43E3-AE06-7BB257018690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D536FF4-7582-4351-ABE3-876E20F8E7FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB43F47F-5BF9-43A0-BF0E-451B4A8F7137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DDD82E-5D83-4581-B2F3-F12655BBF817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0F0C91-171E-421D-BE86-11567DEFC7BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22D2621-D305-43CE-B00D-9A7563B061F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F4245BA-B05C-49DE-B2E0-1E588209ED3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8633532B-9785-4259-8840-B08529E20DCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D9BD7E-FCC2-404B-A057-1A10997DAFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F935ED72-58F4-49C1-BD9F-5473E0B9D8CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EA52901-2D16-4F7E-BF5E-780B42A55D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A79DA2C-35F3-47DE-909B-8D8D1AE111C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BF6952D-6308-4029-8B63-0BD9C648C60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94941F86-0BBF-4F30-8F13-FB895A11ED69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17522878-4266-432A-859D-C02096C8AC0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN30732239/index.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32213\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32234\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/32398\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/35684\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/4396\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.nec.co.jp/security-info/secinfo/nv09-006.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/497220/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/31698\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1021039\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2793\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2800\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1818\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/45791\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=25835\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"}]}}"
  }
}

gsd-2008-3271

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2008-3271

Aliases

CVE-2008-3271

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3271",
    "description": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
    "id": "GSD-2008-3271",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3271.html",
      "https://access.redhat.com/errata/RHSA-2008:1007"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3271"
      ],
      "details": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
      "id": "GSD-2008-3271",
      "modified": "2023-12-13T01:23:05.457038Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2008-3271",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tomcat.apache.org/security-4.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html",
            "refsource": "MISC",
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "http://jvn.jp/en/jp/JVN30732239/index.html",
            "refsource": "MISC",
            "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
          },
          {
            "name": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
            "refsource": "MISC",
            "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
          },
          {
            "name": "http://secunia.com/advisories/32213",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32213"
          },
          {
            "name": "http://secunia.com/advisories/32234",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32234"
          },
          {
            "name": "http://secunia.com/advisories/32398",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/32398"
          },
          {
            "name": "http://secunia.com/advisories/35684",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35684"
          },
          {
            "name": "http://securityreason.com/securityalert/4396",
            "refsource": "MISC",
            "url": "http://securityreason.com/securityalert/4396"
          },
          {
            "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html",
            "refsource": "MISC",
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
          },
          {
            "name": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html",
            "refsource": "MISC",
            "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/497220/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
          },
          {
            "name": "http://www.securityfocus.com/bid/31698",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/31698"
          },
          {
            "name": "http://www.securitytracker.com/id?1021039",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1021039"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/2793",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/2793"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2008/2800",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2008/2800"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1818",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1818"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
          },
          {
            "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835",
            "refsource": "MISC",
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2008-3271"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31698",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31698"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "32234",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32234"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
            },
            {
              "name": "JVN#30732239",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
            },
            {
              "name": "32213",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32213"
            },
            {
              "name": "1021039",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1021039"
            },
            {
              "name": "32398",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32398"
            },
            {
              "name": "SUSE-SR:2008:023",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
            },
            {
              "name": "4396",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/4396"
            },
            {
              "name": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
            },
            {
              "name": "ADV-2009-1818",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1818"
            },
            {
              "name": "35684",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35684"
            },
            {
              "name": "JVNDB-2008-000069",
              "refsource": "JVNDB",
              "tags": [],
              "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
            },
            {
              "name": "ADV-2008-2793",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2793"
            },
            {
              "name": "ADV-2008-2800",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2800"
            },
            {
              "name": "apache-tomcat-valve-security-bypass(45791)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
            },
            {
              "name": "20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
            },
            {
              "name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:19Z",
      "publishedDate": "2008-10-13T20:00Z"
    }
  }
}

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.Impact varies depending on the accessed context by the non-permitted IP address. For example information disclosure may be possible as a result. Apache Tomcat is prone to a security-bypass vulnerability related to extensions of 'RemoteFilterValve'. Attackers may be able to bypass certain access restrictions. The following versions are vulnerable: Tomcat 4.1.0 through 4.1.32 Tomcat 5.5.0.

TITLE: Apache Tomcat Directory Listing Denial of Service

SECUNIA ADVISORY ID: SA17416

VERIFY ADVISORY: http://secunia.com/advisories/17416/

CRITICAL: Not critical

IMPACT: DoS

WHERE:

From remote

SOFTWARE: Apache Tomcat 5.x http://secunia.com/product/3571/

DESCRIPTION: David Maciejak has discovered a vulnerability in Apache Tomcat, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the inefficient generation of directory listing for web directories that has a large number of files. By sending multiple concurrent requests for such a directory, it is possible to prevent other users from accessing the directory and causes the server to consume a large amount of CPU resources. The vulnerability affects only the directory that is being listed. Files or applications in other web directories are not affected.

Successful exploitation requires that directory listing is enabled in a directory with a large number of files.

The vulnerability has been confirmed in Tomcat version 5.5.11 and 5.5.12 on the Windows platform, and has been reported in versions 5.5.0 through 5.5.11. Other versions may also be affected.

Note: In version 5.5.12, the server will resume normal operation after a few minutes.

SOLUTION: The vulnerability has been partially addressed in version 5.5.12, which will resume normal operation after a few minutes.

Disable directory listing for web directories that has a large number of files.

PROVIDED AND/OR DISCOVERED BY: David Maciejak

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Mitigation: Upgrade to: 4.1.32 or later 5.5.1 or later 6.0.0 or later

Example: This has only been reproduced using a debugger to force a particular processing sequence across two threads.

1. Set a breakpoint right after the place where a value
   is to be entered in the instance variable of regexp
   (search:org.apache.regexp.CharacterIterator).

2. Send a request from the IP address* which is not permitted. 
   (stopped at the breakpoint)

   *About the IP address which is not permitted. 
   The character strings length of the IP address which is set
   in RemoteAddrValve must be same.

3. Send a request from the IP address which was set in
   RemoteAddrValve. 
   (stopped at the breakpoint)
   In this way, the instance variable is to be overwritten here.

4. Resume the thread which is processing the step 2 above.

5. The request from the not permitted IP address will succeed.

References: http://tomcat.apache.org/security.html

Mark Thomas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjuibsACgkQb7IeiTPGAkO33wCgiBY0nBdTaXBC8oPoHqMWH4mt OtgAmQHjgnxg0vKKSp43vez8XaBIZpOj =9Z/F -----END PGP SIGNATURE----- .

Apache Tomcat 5.x: Update to version 5.5.1 or later.

SOLUTION: Patches are scheduled for release.

Use a proxy or firewall to protect resources. Version 5.5.x is intented for servlet/jsp specification 2.4/2.0. More information on http://tomcat.apache.org/

Description:

Many time consuming directory listing requests can cause a denial of service.

Detection/PoC:

On Linux: Vulnerable version tested are 5.5.0 to 5.5.11. 5.5.12 and 5.0.28 seems not to be impacted.

A easy way to test : -Download Tomcat package from Tomcat archive -Unpack it, use default configuration -In webapps example dir, add some empty files (enough for the dir listing request to be long) -Thread many listing access on this directory

Workaround:

Upgrade to linux version 5.5.12

PS: Secunia team have done more test available on http://secunia.com/advisories/17416/

David Maciejak

KYXAR.FR - Mail envoy\xe9 depuis http://webmail.kyxar.fr . ----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability intelligence source on the market.

Implement it through Secunia.

For more information visit: http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com

TITLE: NEC WebOTX Products "RemoteFilterValve" Security Bypass Security Issue

SECUNIA ADVISORY ID: SA35684

VERIFY ADVISORY: http://secunia.com/advisories/35684/

DESCRIPTION: A security issue has been reported in various NEC WebOTX products, which potentially can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to a synchronisation problem when checking IP addresses and can be exploited to bypass a filter valve that extends "RemoteFilterValve" and potentially gain access to protected contexts.

The security issue is reported in the following products and versions: * WebOTX Web Edition version 4.x through 5.x * WebOTX Standard-J Edition version 4.x through 5.x * WebOTX Standard Edition version 4.x through 5.x * WebOTX Enterprise Edition version 4.x through 5.x * WebOTX UDDI Registry version 1.1 through 2.1

SOLUTION: Reportedly, patches are available. Contact the vendor's sales department for more information.

For more information: SA32213

SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200810-0184",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "apache",
        "version": "5.5.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "4.1.31"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "4.1.30"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "4.1.3"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.8"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.5"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.7"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.4"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.6"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "4.1.9"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.28"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.29"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.24"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.12"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "4.1.10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.18"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.13"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.15"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.17"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.23"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.2"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.19"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.21"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.1"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.14"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.16"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.22"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.11"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.25"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.26"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.27"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "4.1.20"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "4.1.0 to 4.1.31"
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "webotx application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "nec",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.0"
      },
      {
        "model": "webotx uddi registry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "2.1"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "webotx standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "4.x"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.3"
      },
      {
        "model": "webotx web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "5.x"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.0"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.2"
      },
      {
        "model": "linux enterprise sdk sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1.32"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "5.0.1"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage apworks modelers-j edition 6.0a",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "webotx enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "5.x"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server plus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "webotx web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "4.x"
      },
      {
        "model": "interstage business application server enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.0"
      },
      {
        "model": "tomcat",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server plus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "webotx enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "4.x"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "6.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "red hat network satellite (for rhel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4)5.1"
      },
      {
        "model": "webotx standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "5.x"
      },
      {
        "model": "tomcat beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "4.1.3"
      },
      {
        "model": "interstage application server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "webotx standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "5.x"
      },
      {
        "model": "linux enterprise sdk 10.sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "linux enterprise server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "webotx uddi registry",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "1.1"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "tomcat",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "6.0"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "novell linux desktop sdk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "webotx standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nec",
        "version": "4.x"
      },
      {
        "model": "red hat network satellite server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kenichi Tsukamoto",
    "sources": [
      {
        "db": "BID",
        "id": "31698"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-3271",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.6,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2008-000069",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-3271",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2008-000069",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200810-176",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.Impact varies depending on the accessed context by the non-permitted IP address. For example information disclosure may be possible as a result. Apache Tomcat is prone to a security-bypass vulnerability related to extensions of \u0027RemoteFilterValve\u0027. \nAttackers may be able to bypass certain access restrictions. \nThe following versions are vulnerable:\nTomcat 4.1.0 through 4.1.32\nTomcat 5.5.0. \n\nTITLE:\nApache Tomcat Directory Listing Denial of Service\n\nSECUNIA ADVISORY ID:\nSA17416\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17416/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nApache Tomcat 5.x\nhttp://secunia.com/product/3571/\n\nDESCRIPTION:\nDavid Maciejak has discovered a vulnerability in Apache Tomcat, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to the inefficient generation of\ndirectory listing for web directories that has a large number of\nfiles. By sending multiple concurrent requests for such a directory,\nit is possible to prevent other users from accessing the directory\nand causes the server to consume a large amount of CPU resources. The\nvulnerability affects only the directory that is being listed. Files\nor applications in other web directories are not affected. \n\nSuccessful exploitation requires that directory listing is enabled in\na directory with a large number of files. \n\nThe vulnerability has been confirmed in Tomcat version 5.5.11 and\n5.5.12 on the Windows platform, and has been reported in versions\n5.5.0 through 5.5.11. Other versions may also be affected. \n\nNote: In version 5.5.12, the server will resume normal operation\nafter a few minutes. \n\nSOLUTION:\nThe vulnerability has been partially addressed in version 5.5.12,\nwhich will resume normal operation after a few minutes. \n\nDisable directory listing for web directories that has a large number\nof files. \n\nPROVIDED AND/OR DISCOVERED BY:\nDavid Maciejak\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nMitigation:\nUpgrade to:\n4.1.32 or later\n5.5.1 or later\n6.0.0 or later\n\nExample:\nThis has only been reproduced using a debugger to force a particular\nprocessing sequence across two threads. \n\n    1. Set a breakpoint right after the place where a value\n       is to be entered in the instance variable of regexp\n       (search:org.apache.regexp.CharacterIterator). \n\n    2. Send a request from the IP address* which is not permitted. \n       (stopped at the breakpoint)\n\n       *About the IP address which is not permitted. \n       The character strings length of the IP address which is set\n       in RemoteAddrValve must be same. \n\n    3. Send a request from the IP address which was set in\n       RemoteAddrValve. \n       (stopped at the breakpoint)\n       In this way, the instance variable is to be overwritten here. \n\n    4. Resume the thread which is processing the step 2 above. \n\n    5. The request from the not permitted IP address will succeed. \n\nReferences:\nhttp://tomcat.apache.org/security.html\n\nMark Thomas\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niEYEARECAAYFAkjuibsACgkQb7IeiTPGAkO33wCgiBY0nBdTaXBC8oPoHqMWH4mt\nOtgAmQHjgnxg0vKKSp43vez8XaBIZpOj\n=9Z/F\n-----END PGP SIGNATURE-----\n. \n\nApache Tomcat 5.x:\nUpdate to version 5.5.1 or later. \n\nSOLUTION:\nPatches are scheduled for release. \n\nUse a proxy or firewall to protect resources. \nVersion 5.5.x is intented for servlet/jsp specification 2.4/2.0. \nMore information on http://tomcat.apache.org/\n\nDescription:\n\nMany time consuming directory listing requests can cause a denial of service. \n\nDetection/PoC:\n\nOn Linux:\nVulnerable version tested are 5.5.0 to 5.5.11. \n5.5.12 and 5.0.28 seems not to be impacted. \n\nA easy way to test :\n-Download Tomcat package from Tomcat archive\n-Unpack it, use default configuration\n-In webapps example dir, add some empty files (enough for the dir listing \nrequest to be long)\n-Thread many listing access on this directory\n\nWorkaround:\n\nUpgrade to linux version 5.5.12\n\nPS: Secunia team have done more test available on\nhttp://secunia.com/advisories/17416/\n\nDavid Maciejak\n\n\n\n--------------------------------------------------------------------------------\nKYXAR.FR - Mail envoy\\xe9 depuis http://webmail.kyxar.fr\n. ----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management)  \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nFor more information visit:\nhttp://secunia.com/advisories/business_solutions/\n\nAlternatively request a call from a Secunia representative today to\ndiscuss how we can help you with our capabilities contact us at:\nsales@secunia.com\n\n----------------------------------------------------------------------\n\nTITLE:\nNEC WebOTX Products \"RemoteFilterValve\" Security Bypass Security\nIssue\n\nSECUNIA ADVISORY ID:\nSA35684\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/35684/\n\nDESCRIPTION:\nA security issue has been reported in various NEC WebOTX products,\nwhich potentially can be exploited by malicious people to bypass\ncertain security restrictions. \n\nThe security issue is caused due to a synchronisation problem when\nchecking IP addresses and can be exploited to bypass a filter valve\nthat extends \"RemoteFilterValve\" and potentially gain access to\nprotected contexts. \n\nThe security issue is reported in the following products and\nversions:\n* WebOTX Web Edition version 4.x through 5.x\n* WebOTX Standard-J Edition version 4.x through 5.x\n* WebOTX Standard Edition version 4.x through 5.x\n* WebOTX Enterprise Edition version 4.x through 5.x\n* WebOTX UDDI Registry version 1.1 through 2.1\n\nSOLUTION:\nReportedly, patches are available. Contact the vendor\u0027s sales\ndepartment for more information. \n\nFor more information:\nSA32213\n\nSOLUTION:\nApply updated packages via YaST Online Update or the SUSE FTP server",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "db": "BID",
        "id": "31698"
      },
      {
        "db": "PACKETSTORM",
        "id": "41248"
      },
      {
        "db": "PACKETSTORM",
        "id": "70828"
      },
      {
        "db": "PACKETSTORM",
        "id": "70882"
      },
      {
        "db": "PACKETSTORM",
        "id": "70792"
      },
      {
        "db": "PACKETSTORM",
        "id": "41335"
      },
      {
        "db": "PACKETSTORM",
        "id": "79028"
      },
      {
        "db": "PACKETSTORM",
        "id": "71395"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3271",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "31698",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "32213",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "32234",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVN30732239",
        "trust": 2.6
      },
      {
        "db": "SECUNIA",
        "id": "35684",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "32398",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2800",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1818",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2008-2793",
        "trust": 1.6
      },
      {
        "db": "SREASON",
        "id": "4396",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1021039",
        "trust": 1.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176",
        "trust": 0.6
      },
      {
        "db": "SECUNIA",
        "id": "17416",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "41248",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70828",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70882",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "70792",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "41335",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "79028",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "71395",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "db": "PACKETSTORM",
        "id": "41248"
      },
      {
        "db": "PACKETSTORM",
        "id": "70828"
      },
      {
        "db": "PACKETSTORM",
        "id": "70882"
      },
      {
        "db": "PACKETSTORM",
        "id": "70792"
      },
      {
        "db": "PACKETSTORM",
        "id": "41335"
      },
      {
        "db": "PACKETSTORM",
        "id": "79028"
      },
      {
        "db": "PACKETSTORM",
        "id": "71395"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ]
  },
  "id": "VAR-200810-0184",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.15801565
  },
  "last_update_date": "2023-12-18T10:49:06.563000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Updates",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security"
      },
      {
        "title": "Apache Tomcat 4.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "title": "Apache Tomcat 5.x vulnerabilities",
        "trust": 0.8,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "title": "Bug 25835",
        "trust": 0.8,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
      },
      {
        "title": "interstage-200806e",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
      },
      {
        "title": "NV09-006",
        "trust": 0.8,
        "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.securityfocus.com/bid/31698"
      },
      {
        "trust": 2.6,
        "url": "http://jvn.jp/en/jp/jvn30732239/index.html"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/32234"
      },
      {
        "trust": 2.0,
        "url": "http://tomcat.apache.org/security-4.html"
      },
      {
        "trust": 2.0,
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "trust": 2.0,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
      },
      {
        "trust": 2.0,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
      },
      {
        "trust": 2.0,
        "url": "http://jvndb.jvn.jp/en/contents/2008/jvndb-2008-000069.html"
      },
      {
        "trust": 2.0,
        "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/32213"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/32398"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/35684"
      },
      {
        "trust": 1.6,
        "url": "http://securityreason.com/securityalert/4396"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id?1021039"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2008/2793"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2008/2800"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2009/1818"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.6,
        "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/32213/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3271"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2008/2793"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3271"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
      },
      {
        "trust": 0.5,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.4,
        "url": "http://tomcat.apache.org/"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/497220"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/binary_analysis/sample_analysis/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/17416/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3571/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3271"
      },
      {
        "trust": 0.1,
        "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835)"
      },
      {
        "trust": 0.1,
        "url": "http://tomcat.apache.org/security.html"
      },
      {
        "trust": 0.1,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/328/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/3571/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32234/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13693/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/15986/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13690/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13688/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/15610/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13685/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13687/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13689/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13686/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13692/"
      },
      {
        "trust": 0.1,
        "url": "http://webmail.kyxar.fr"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35684/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/32398/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/4664/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/13375/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/4118/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/product/12192/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "31698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "db": "PACKETSTORM",
        "id": "41248"
      },
      {
        "db": "PACKETSTORM",
        "id": "70828"
      },
      {
        "db": "PACKETSTORM",
        "id": "70882"
      },
      {
        "db": "PACKETSTORM",
        "id": "70792"
      },
      {
        "db": "PACKETSTORM",
        "id": "41335"
      },
      {
        "db": "PACKETSTORM",
        "id": "79028"
      },
      {
        "db": "PACKETSTORM",
        "id": "71395"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "31698"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "db": "PACKETSTORM",
        "id": "41248"
      },
      {
        "db": "PACKETSTORM",
        "id": "70828"
      },
      {
        "db": "PACKETSTORM",
        "id": "70882"
      },
      {
        "db": "PACKETSTORM",
        "id": "70792"
      },
      {
        "db": "PACKETSTORM",
        "id": "41335"
      },
      {
        "db": "PACKETSTORM",
        "id": "79028"
      },
      {
        "db": "PACKETSTORM",
        "id": "71395"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-10-10T00:00:00",
        "db": "BID",
        "id": "31698"
      },
      {
        "date": "2008-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "date": "2005-11-03T23:53:58",
        "db": "PACKETSTORM",
        "id": "41248"
      },
      {
        "date": "2008-10-11T18:33:31",
        "db": "PACKETSTORM",
        "id": "70828"
      },
      {
        "date": "2008-10-13T22:53:24",
        "db": "PACKETSTORM",
        "id": "70882"
      },
      {
        "date": "2008-10-10T23:03:15",
        "db": "PACKETSTORM",
        "id": "70792"
      },
      {
        "date": "2005-11-08T14:26:54",
        "db": "PACKETSTORM",
        "id": "41335"
      },
      {
        "date": "2009-07-08T14:53:57",
        "db": "PACKETSTORM",
        "id": "79028"
      },
      {
        "date": "2008-10-31T18:08:14",
        "db": "PACKETSTORM",
        "id": "71395"
      },
      {
        "date": "2008-10-13T20:00:02.057000",
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "date": "2008-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-07-08T21:46:00",
        "db": "BID",
        "id": "31698"
      },
      {
        "date": "2009-07-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      },
      {
        "date": "2023-02-13T02:19:17.897000",
        "db": "NVD",
        "id": "CVE-2008-3271"
      },
      {
        "date": "2023-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Tomcat allows access from a non-permitted IP address",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-000069"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200810-176"
      }
    ],
    "trust": 0.6
  }
}

rhsa-2008_1007

Vulnerability from csaf_redhat

Published

2008-12-08 09:02

Modified

2024-11-05 16:59

Summary

Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server

Notes

Topic

Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team.

Details

This update corrects several security vulnerabilities in the Tomcat component shipped as part of Red Hat Network Satellite Server. In a typical operating environment, Tomcat is not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271) Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update to these Tomcat packages which resolve these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2008:1007",
        "url": "https://access.redhat.com/errata/RHSA-2008:1007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "http://tomcat.apache.org/security-5.html",
        "url": "http://tomcat.apache.org/security-5.html"
      },
      {
        "category": "external",
        "summary": "446393",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
      },
      {
        "category": "external",
        "summary": "456120",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
      },
      {
        "category": "external",
        "summary": "457597",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
      },
      {
        "category": "external",
        "summary": "457934",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
      },
      {
        "category": "external",
        "summary": "466875",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json"
      }
    ],
    "title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server",
    "tracking": {
      "current_release_date": "2024-11-05T16:59:42+00:00",
      "generator": {
        "date": "2024-11-05T16:59:42+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2008:1007",
      "initial_release_date": "2008-12-08T09:02:00+00:00",
      "revision_history": [
        {
          "date": "2008-12-08T09:02:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2008-12-08T04:02:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T16:59:42+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
                "product": {
                  "name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
                  "product_id": "4AS-RHNSAT5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:network_satellite:5.0:el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Satellite"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
                "product": {
                  "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
                  "product_id": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
          "product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
        },
        "product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
        "relates_to_product_reference": "4AS-RHNSAT5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2008-1232",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457597"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat: Cross-Site-Scripting enabled by sendError call",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "RHBZ#457597",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-12-08T09:02:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:1007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat: Cross-Site-Scripting enabled by sendError call"
    },
    {
      "cve": "CVE-2008-1947",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2008-05-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "446393"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat host manager xss - name field",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-1947"
        },
        {
          "category": "external",
          "summary": "RHBZ#446393",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
        }
      ],
      "release_date": "2008-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-12-08T09:02:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:1007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Tomcat host manager xss - name field"
    },
    {
      "cve": "CVE-2008-2370",
      "discovery_date": "2008-08-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "457934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat RequestDispatcher information disclosure vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "RHBZ#457934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
        }
      ],
      "release_date": "2008-08-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-12-08T09:02:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:1007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "tomcat RequestDispatcher information disclosure vulnerability"
    },
    {
      "cve": "CVE-2008-2938",
      "discovery_date": "2008-07-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "456120"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.  NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat Unicode directory traversal vulnerability",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-2938"
        },
        {
          "category": "external",
          "summary": "RHBZ#456120",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
        }
      ],
      "release_date": "2008-08-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-12-08T09:02:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:1007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tomcat Unicode directory traversal vulnerability"
    },
    {
      "cve": "CVE-2008-3271",
      "discovery_date": "2008-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "466875"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tomcat  RemoteFilterValve Information disclosure",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
          "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2008-3271"
        },
        {
          "category": "external",
          "summary": "RHBZ#466875",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2008-3271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2008-3271"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271"
        }
      ],
      "release_date": "2008-10-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2008-12-08T09:02:00+00:00",
          "details": "This update is available via Red Hat Network.  Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
          "product_ids": [
            "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
            "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2008:1007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "tomcat  RemoteFilterValve Information disclosure"
    }
  ]
}

ghsa-5jpg-mjvg-hfhp

Vulnerability from github

Published

2022-05-01 23:58

Modified

2022-05-01 23:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3271"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-10-13T20:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
  "id": "GHSA-5jpg-mjvg-hfhp",
  "modified": "2022-05-01T23:58:23Z",
  "published": "2022-05-01T23:58:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45791"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=25835"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN30732239/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32213"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32234"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32398"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35684"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/4396"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.nec.co.jp/security-info/secinfo/nv09-006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/497220/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31698"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1021039"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2793"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2800"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1818"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2008-3271

Vulnerability from jvndb

Published

2008-10-10 15:44

Modified

2009-07-08 11:38

Severity ?

() - -

Summary

Apache Tomcat allows access from a non-permitted IP address

Details

Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN30732239/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271
	SECUNIA	http://secunia.com/advisories/32234
	SECUNIA	http://secunia.com/advisories/32213/
	BID	http://www.securityfocus.com/bid/31698
	FRSIRT	http://www.frsirt.com/english/advisories/2008/2793
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache Tomcat
	FUJITSU	Interstage Application Framework Suite
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Apworks
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Job Workload Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server
	NEC Corporation	WebOTX Application Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
  "dc:date": "2009-07-08T11:38+09:00",
  "dcterms:issued": "2008-10-10T15:44+09:00",
  "dcterms:modified": "2009-07-08T11:38+09:00",
  "description": "Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. \r\n\r\nThis vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. \r\n\r\nKenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:webotx_application_server",
      "@product": "WebOTX Application Server",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000069",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN30732239/index.html",
      "@id": "JVN#30732239",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271",
      "@id": "CVE-2008-3271",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271",
      "@id": "CVE-2008-3271",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/32234",
      "@id": "SA32234",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://secunia.com/advisories/32213/",
      "@id": "SA32213",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/31698",
      "@id": "31698",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/2793",
      "@id": "FrSIRT/ADV-2008-2793",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Apache Tomcat allows access from a non-permitted IP address"
}

Action not permitted

CVE-2008-3271

Vulnerability from cvelistv5

gsd-2008-3271

Vulnerability from gsd

var-200810-0184

Vulnerability from variot

rhsa-2008_1007

Vulnerability from csaf_redhat

ghsa-5jpg-mjvg-hfhp

Vulnerability from github

CVE-2008-3271

Vulnerability from jvndb

Tags