Vulnerability Description
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 6.0.5 |
References
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://marc.info/?l=bugtraq&m=139344343412337&w=2
- http://secunia.com/advisories/28834
- http://secunia.com/advisories/28915
- http://secunia.com/advisories/29711
- http://secunia.com/advisories/32222
- http://secunia.com/advisories/37460
- http://secunia.com/advisories/57126
- http://security.gentoo.org/glsa/glsa-200804-10.xml
- http://securityreason.com/securityalert/3638
- http://support.apple.com/kb/HT3216
- http://tomcat.apache.org/security-6.html
- http://www.securityfocus.com/archive/1/487812/100/0/threaded
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
FAQ
What is CVE-2008-0002?
CVE-2008-0002 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive...
How severe is CVE-2008-0002?
CVE-2008-0002 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0002?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.