BugTraq
CVE-2008-0002: Tomcat information disclosure vulnerability Feb 08 2008 10:24PM
Mark Thomas (markt apache org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2008-0002: Tomcat information disclosure vulnerability

Severity: important

Vendor:
The Apache Software Foundation

Versions Affected:
Tomcat 6.0.5 to 6.0.15

Description:
If an exception occurs during the processing of parameters (eg if the
client disconnects) then it is possible that the parameters submitted for
that request will be incorrectly processed as part of a following request.

Mitigation:
6.0.x users should upgrade to 6.0.16 or later.

Example:
See description.

Credit:
This issue was discovered by Chitrapandian N of AdventNet Inc.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-6.html

The Apache Tomcat Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHrNaZb7IeiTPGAkMRAgRxAKCjiAu1kTbKcE4mo0azKvtakl3u/wCcD8Vk
S5EZi3e+Da7+99Jkxb/jzn8=
=rUWc
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus