CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
apachetomcat
4.1.0
apachetomcat
4.1.1
apachetomcat
4.1.2
apachetomcat
4.1.3
apachetomcat
4.1.3:beta
apachetomcat
4.1.4
apachetomcat
4.1.5
apachetomcat
4.1.6
apachetomcat
4.1.7
apachetomcat
4.1.8
apachetomcat
4.1.9
apachetomcat
4.1.10
apachetomcat
4.1.11
apachetomcat
4.1.12
apachetomcat
4.1.13
apachetomcat
4.1.14
apachetomcat
4.1.15
apachetomcat
4.1.16
apachetomcat
4.1.17
apachetomcat
4.1.18
apachetomcat
4.1.19
apachetomcat
4.1.20
apachetomcat
4.1.21
apachetomcat
4.1.22
apachetomcat
4.1.23
apachetomcat
4.1.24
apachetomcat
4.1.25
apachetomcat
4.1.26
apachetomcat
4.1.27
apachetomcat
4.1.28
apachetomcat
4.1.29
apachetomcat
4.1.30
apachetomcat
4.1.31
apachetomcat
5.5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat4
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
dne
dapper
ignored
tomcat5
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
ignored
dapper
ignored
tomcat5.5
karmic
dne
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
feisty
ignored
dapper
dne
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN30732239/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
http://secunia.com/advisories/32213
http://secunia.com/advisories/32234
http://secunia.com/advisories/32398
http://secunia.com/advisories/35684
http://securityreason.com/securityalert/4396
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
http://www.nec.co.jp/security-info/secinfo/nv09-006.html
http://www.securityfocus.com/archive/1/497220/100/0/threaded
http://www.securityfocus.com/bid/31698
http://www.securitytracker.com/id?1021039
http://www.vupen.com/english/advisories/2008/2793
http://www.vupen.com/english/advisories/2008/2800
http://www.vupen.com/english/advisories/2009/1818
https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
http://jvn.jp/en/jp/JVN30732239/index.html
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
http://secunia.com/advisories/32213
http://secunia.com/advisories/32234
http://secunia.com/advisories/32398
http://secunia.com/advisories/35684
http://securityreason.com/securityalert/4396
http://tomcat.apache.org/security-4.html
http://tomcat.apache.org/security-5.html
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
http://www.nec.co.jp/security-info/secinfo/nv09-006.html
http://www.securityfocus.com/archive/1/497220/100/0/threaded
http://www.securityfocus.com/bid/31698
http://www.securitytracker.com/id?1021039
http://www.vupen.com/english/advisories/2008/2793
http://www.vupen.com/english/advisories/2008/2800
http://www.vupen.com/english/advisories/2009/1818
https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E