CVE-2008-0002

Sažetak

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Reference

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/28834
http://secunia.com/advisories/28915
http://secunia.com/advisories/29711
http://secunia.com/advisories/32222
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://securityreason.com/securityalert/3638
http://support.apple.com/kb/HT3216
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/487812/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/27703
http://www.securityfocus.com/bid/31681
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/0488
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/3316
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

15-10-2018 - 21:56

Objavljeno

12-02-2008 - 01:00