Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability

Bugtraq ID: 31698
Class: Design Error
CVE: CVE-2008-3271
Remote: Yes
Local: No
Published: Oct 10 2008 12:00AM
Updated: Jul 08 2009 09:46PM
Credit: Kenichi Tsukamoto
Vulnerable: SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 10 SP2
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE SUSE Linux Enterprise SDK 10 SP2
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop SDK 9.0
Redhat Red Hat Network Satellite Server 5.0.1
Redhat Red Hat Network Satellite Server 5.0
Redhat Red Hat Network Satellite (for RHEL 4) 5.1
NEC WebOTX Web Edition 5.x
NEC WebOTX Web Edition 4.x
NEC WebOTX UDDI Registry 2.1
NEC WebOTX UDDI Registry 1.1
NEC WebOTX Standard-J Edition 5.x
NEC WebOTX Standard-J Edition 4.x
NEC WebOTX Standard Edition 5.x
NEC WebOTX Standard Edition 4.x
NEC WebOTX Enterprise Edition 5.x
NEC WebOTX Enterprise Edition 4.x
Fujitsu INTERSTAGE Studio Standard-J Edition 9.0
Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Studio Enterprise Edition 9.0
Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Job Workload Server 8.1
Fujitsu INTERSTAGE Business Application Server Enterprise 8.0.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0A
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 A
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0
Fujitsu iNTERSTAGE Application Server Standard Edition 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 6.0
Fujitsu Interstage Application Server Plus 7.0.1
Fujitsu Interstage Application Server Plus 7.0
Fujitsu Interstage Application Server Plus 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
Apache Tomcat 5.0
Apache Tomcat 4.1.31
Apache Tomcat 4.1.30
Apache Tomcat 4.1.29
Apache Tomcat 4.1.28
Apache Tomcat 4.1.24
    + Gentoo Linux 1.4 _rc3
    + Gentoo Linux 1.4 _rc2
    + Gentoo Linux 1.4 _rc1
    + Gentoo Linux 1.2
Apache Tomcat 4.1.12
Apache Tomcat 4.1.10
Apache Tomcat 4.1.3 beta
Apache Tomcat 4.1.3
Apache Tomcat 4.1
    - BSDI BSD/OS 4.0
    - Caldera OpenLinux 2.4
    - Debian Linux 2.3
    - Debian Linux 2.2
    - Debian Linux 2.1
    - Digital UNIX 4.0
    - FreeBSD FreeBSD 5.0
    - FreeBSD FreeBSD 4.5
    - Mandriva Linux Mandrake 7.1
    - Mandriva Linux Mandrake 7.0
    - NetBSD NetBSD 1.4.2 x86
    - NetBSD NetBSD 1.4.1 x86
    - Redhat Linux 6.2 i386
    - Redhat Linux 6.1 i386
    - SGI IRIX 6.5
    - SGI IRIX 6.4
    - SGI IRIX 3.3
    - Sun Solaris 8_sparc
    - Sun Solaris 7.0
Not Vulnerable: Apache Tomcat 6.0
Apache Tomcat 5.0.1
Apache Tomcat 4.1.32

Copyright 2010, SecurityFocus