CVE-2008-3271: Variable Extraction Error in Apache Tomcat

CWE-264 | 5 documents | 5 sources
Severity
4.3 MEDIUM (NVD)
EPSS
4.3%
top 11.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 13
Latest update: May 1

Description

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD: apache/tomcat, 33 versions

🔴 Vulnerability Details

2
GHSA
GHSA-5jpg-mjvg-hfhp: Apache Tomcat 5 (2022-05-01)
CVEList
CVE-2008-3271: Apache Tomcat 5 (2008-10-13)

📋 Vendor Advisories

1
Red Hat
tomcat RemoteFilterValve Information disclosure (2008-10-09)

💬 Community

1
Bugzilla
CVE-2008-3271 tomcat RemoteFilterValve Information disclosure (2008-10-14)