Home / vulnerabilities tomcat-disclose.txt
Posted on 09 February 2008
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2008-0002: Tomcat information disclosure vulnerability
Severity: important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 6.0.5 to 6.0.15
Description:
If an exception occurs during the processing of parameters (eg if the
client disconnects) then it is possible that the parameters submitted for
that request will be incorrectly processed as part of a following request.
Mitigation:
6.0.x users should upgrade to 6.0.16 or later.
Example:
See description.
Credit:
This issue was discovered by Chitrapandian N of AdventNet Inc.
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-6.html
The Apache Tomcat Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHrNaZb7IeiTPGAkMRAgRxAKCjiAu1kTbKcE4mo0azKvtakl3u/wCcD8Vk
S5EZi3e+Da7+99Jkxb/jzn8=
=rUWc
-----END PGP SIGNATURE-----