QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-3271

Back to search

CVE-2008-3271

Published: Oct 13, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

VendorProductVersions

n/a

n/a

affected
n/a

References

ADV-2008-2800
vdb-entry
x_refsource_VUPEN
32234
third-party-advisory
x_refsource_SECUNIA
32398
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:023
vendor-advisory
x_refsource_SUSE
ADV-2009-1818
vdb-entry
x_refsource_VUPEN
4396
third-party-advisory
x_refsource_SREASON
31698
vdb-entry
x_refsource_BID
35684
third-party-advisory
x_refsource_SECUNIA
ADV-2008-2793
vdb-entry
x_refsource_VUPEN
1021039
vdb-entry
x_refsource_SECTRACK
JVN#30732239
third-party-advisory
x_refsource_JVN
JVNDB-2008-000069
third-party-advisory
x_refsource_JVNDB
32213
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now