Detections
Analytics
CVE-2008-0002
high
Description
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
References
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/0488
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.securityfocus.com/bid/31681
http://www.securityfocus.com/bid/27703
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/487812/100/0/threaded
http://tomcat.apache.org/security-6.html
http://support.apple.com/kb/HT3216
http://securityreason.com/securityalert/3638
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://secunia.com/advisories/57126
http://secunia.com/advisories/37460
http://secunia.com/advisories/32222
http://secunia.com/advisories/29711
http://secunia.com/advisories/28915
http://secunia.com/advisories/28834
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html