|
|
CVE Reference: CVE-2008-3271 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3271 |
|
|
Description: Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45791 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html ST 1021039 SREASON http://securityreason.com/securityalert/4396 SAID Secunia Advisory: SA32234 Secunia Advisory: SA32213 Secunia Advisory: SA32398 Secunia Advisory: SA35684 JVNDB http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html JVN http://jvn.jp/en/jp/JVN30732239/index.html CONFIRM http://www.nec.co.jp/security-info/secinfo/nv09-006.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html http://tomcat.apache.org/security-5.html http://tomcat.apache.org/security-4.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/497220/100/0/threaded BID 31698 |
|
| Return to the previous page. |
