[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0002Date: (C)2008-02-11   (M)2023-12-22


Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.8
Exploit Score: 8.6
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/487812/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
BID-27703
SECUNIA-28834
SECUNIA-28915
SECUNIA-29711
BID-31681
SECUNIA-32222
SREASON-3638
SECUNIA-37460
SECUNIA-57126
ADV-2008-0488
ADV-2008-2780
ADV-2009-3316
APPLE-SA-2008-10-09
FEDORA-2008-1467
FEDORA-2008-1603
GLSA-200804-10
HPSBST02955
SUSE-SR:2009:004
http://support.apple.com/kb/HT3216
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CPE    11
cpe:/a:apache:tomcat:6.0.5
cpe:/a:apache:tomcat:6.0.14
cpe:/a:apache:tomcat:6.0.13
cpe:/a:apache:tomcat:6.0.15
...
OVAL    1
oval:org.secpod.oval:def:20816

© SecPod Technologies