jvndb-2008-000069
Vulnerability from jvndb
Published
2008-10-10 15:44
Modified
2009-07-08 11:38
Severity ?
() - -
Summary
Apache Tomcat allows access from a non-permitted IP address
Details
Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN30732239/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271
SECUNIA http://secunia.com/advisories/32234
SECUNIA http://secunia.com/advisories/32213/
BID http://www.securityfocus.com/bid/31698
FRSIRT http://www.frsirt.com/english/advisories/2008/2793
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Apache Software FoundationApache Tomcat
FUJITSUInterstage Application Framework Suite
FUJITSUInterstage Application Server
FUJITSUInterstage Apworks
FUJITSUInterstage Business Application Server
FUJITSUInterstage Job Workload Server
FUJITSUInterstage Studio
FUJITSUInterstage Web Server
NEC CorporationWebOTX Application Server
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
  "dc:date": "2009-07-08T11:38+09:00",
  "dcterms:issued": "2008-10-10T15:44+09:00",
  "dcterms:modified": "2009-07-08T11:38+09:00",
  "description": "Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-premitted IP address to gain access.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. \r\n\r\nThis vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue. \r\n\r\nKenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:webotx_application_server",
      "@product": "WebOTX Application Server",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000069",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN30732239/index.html",
      "@id": "JVN#30732239",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3271",
      "@id": "CVE-2008-3271",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3271",
      "@id": "CVE-2008-3271",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/32234",
      "@id": "SA32234",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://secunia.com/advisories/32213/",
      "@id": "SA32213",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/31698",
      "@id": "31698",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2008/2793",
      "@id": "FrSIRT/ADV-2008-2793",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Apache Tomcat allows access from a non-permitted IP address"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.