CVE-2008-0002 — Sensitive Information Exposure in Apache Tomcat

CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

4.1%

top 11.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedFeb 12

Latest updateMay 1

Description

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDapache/tomcat11 versions+10

🔴Vulnerability Details

GHSA

Apache Tomcat Sensitive Information Disclosure↗2022-05-01

▶

OSV

Apache Tomcat Sensitive Information Disclosure↗2022-05-01

▶

CVEList

CVE-2008-0002: Apache Tomcat 6↗2008-02-12

▶

📋Vendor Advisories

Red Hat

Tomcat information disclosure vulnerability↗2008-02-08

▶

💬Community

Bugzilla

CVE-2008-0002 Tomcat information disclosure vulnerability↗2008-02-11

▶