Back to search
CVE-2008-4308
Published: Feb 26, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
JVN#66905322
third-party-advisory
x_refsource_JVN
ADV-2009-0541
vdb-entry
x_refsource_VUPEN
JVNDB-2009-000010
third-party-advisory
x_refsource_JVNDB
https://issues.apache.org/bugzilla/show_bug.cgi?id=40771
x_refsource_MISC
34057
third-party-advisory
x_refsource_SECUNIA
20090225 [SECURITY] CVE-2008-4308: Tomcat information disclosure vulnerability
mailing-list
x_refsource_BUGTRAQ
33913
vdb-entry
x_refsource_BID
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now