jvndb-2009-000010
Vulnerability from jvndb
Published
2009-02-26 15:28
Modified
2009-02-26 15:28
Severity ?
() - -
Summary
Apache Tomcat information disclosure vulnerability
Details
Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request. This vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.
References
JVN http://jvn.jp/en/jp/JVN66905322/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308
NVD http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4308
SECUNIA http://secunia.com/advisories/34057/
BID http://www.securityfocus.com/bid/33913
VUPEN http://www.vupen.com/english/advisories/2009/0541
JVNDB_Ja http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Apache Software FoundationApache Tomcat
FUJITSUInterstage Application Server
FUJITSUInterstage Business Application Server
FUJITSUInterstage Studio
FUJITSUInterstage Web Server
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000010.html",
  "dc:date": "2009-02-26T15:28+09:00",
  "dcterms:issued": "2009-02-26T15:28+09:00",
  "dcterms:modified": "2009-02-26T15:28+09:00",
  "description": "Apache Tomcat from The Apache Software Foundation contains an information disclosure vulnerability. \r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\nApache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request.\r\n\r\nThis vulnerability was addressed and solved in ASF Bugzilla - Bug 40771. However there was no description regarding this vulnerability in ASF Bugzilla - Bug 40771. Therefore, The Apache Tomcat Development Team has decided to publish an advisory regarding this issue.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000010.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-000010",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN66905322/index.html",
      "@id": "JVN#66905322",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4308",
      "@id": "CVE-2008-4308",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4308",
      "@id": "CVE-2008-4308",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/34057/",
      "@id": "SA34057",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/33913",
      "@id": "33913",
      "@source": "BID"
    },
    {
      "#text": "http://www.vupen.com/english/advisories/2009/0541",
      "@id": "VUPEN/ADV-2009-0541",
      "@source": "VUPEN"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
      "@id": "JVNDB-2009-000010",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Apache Tomcat information disclosure vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.