mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
241 lines
8.0 KiB
JSON
241 lines
8.0 KiB
JSON
{
|
|
"id": "CVE-2008-4308",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2009-02-26T23:30:00.203",
|
|
"lastModified": "2025-04-09T00:30:58.490",
|
|
"vulnStatus": "Deferred",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El m\u00e9todo doRead en Apache Tomcat v4.1.32 hasta v4.1.34 y v5.5.10 hasta v5.5.20 no devuelve un -1 para indicar que una cierta condici\u00f3n de error ha ocurrido, lo que puede causar Tomcat enviar un contenido POST desde una petici\u00f3n a diferentes peticiones."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
|
|
"baseScore": 2.6,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "HIGH",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 4.9,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://jvn.jp/en/jp/JVN66905322/index.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/34057",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/501250",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/33913",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2009/0541",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://jvn.jp/en/jp/JVN66905322/index.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000010.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/34057",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/501250",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/33913",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2009/0541",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=40771",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |