CVE-2008-3271

CVSSv4: NA | CVSSv3: NA | CVSSv2: 4.3 | VMScore: 530 | EPSS: 0.00695 | KEV: Not Included
Published: 13/10/2008 Updated: 21/11/2024

Vulnerability Summary

Apache Tomcat 5.5.0 and 4.1.0 up to and including 4.1.31 allows remote malicious users to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Vulnerable Product

apache tomcat 4.1.0

apache tomcat 4.1.1

apache tomcat 4.1.2

apache tomcat 4.1.3

apache tomcat 4.1.4

apache tomcat 4.1.5

apache tomcat 4.1.6

apache tomcat 4.1.7

apache tomcat 4.1.8

apache tomcat 4.1.9

apache tomcat 4.1.10

apache tomcat 4.1.11

apache tomcat 4.1.12

apache tomcat 4.1.13

apache tomcat 4.1.14

apache tomcat 4.1.15

apache tomcat 4.1.16

apache tomcat 4.1.17

apache tomcat 4.1.18

apache tomcat 4.1.19

apache tomcat 4.1.20

apache tomcat 4.1.21

apache tomcat 4.1.22

apache tomcat 4.1.23

apache tomcat 4.1.24

apache tomcat 4.1.25

apache tomcat 4.1.26

apache tomcat 4.1.27

apache tomcat 4.1.28

apache tomcat 4.1.29

apache tomcat 4.1.30

apache tomcat 4.1.31

apache tomcat 5.5.0

Vendor Advisories

Synopsis: Low: tomcat security update for Red Hat Network Satellite Server. Type/Severity: Security Advisory: Low. Topic: Updated tomcat packages that fix multiple security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security ...

References

CWE-264
https://access.redhat.com/errata/RHSA-2008:1007
https://nvd.nist.gov
https://www.first.org/epss
http://jvn.jp/en/jp/JVN30732239/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
http://secunia.com/advisories/32213
http://secunia.com/advisories/32234
http://secunia.com/advisories/32398
http://secunia.com/advisories/35684
http://securityreason.com/securityalert/4396
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
http://www.nec.co.jp/security-info/secinfo/nv09-006.html
http://www.securityfocus.com/archive/1/497220/100/0/threaded
http://www.securityfocus.com/bid/31698
http://www.securitytracker.com/id?1021039
http://www.vupen.com/english/advisories/2008/2793
http://www.vupen.com/english/advisories/2008/2800
http://www.vupen.com/english/advisories/2009/1818
https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E