2.6
CVSSv2

CVE-2008-4308

Published: 26/02/2009 Updated: 25/03/2019
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

The doRead method in Apache Tomcat 4.1.32 up to and including 4.1.34 and 5.5.10 up to and including 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Affected Products

Vendor Product Versions
ApacheTomcat4.1.32, 4.1.33, 4.1.34, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20