CVE-2008-4308

EUVD-2022-2992
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 2.6 UNKNOWN | NETWORK | HIGH | | AV:N/AC:H/Au:N/C:P/I:N/A:N |
EPSS Score: Percentile: 91%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| apache | tomcat | 4.1.32 |
| apache | tomcat | 4.1.33 |
| apache | tomcat | 4.1.34 |
| apache | tomcat | 5.5.10 |
| apache | tomcat | 5.5.11 |
| apache | tomcat | 5.5.12 |
| apache | tomcat | 5.5.13 |
| apache | tomcat | 5.5.14 |
| apache | tomcat | 5.5.15 |
| apache | tomcat | 5.5.16 |
| apache | tomcat | 5.5.17 |
| apache | tomcat | 5.5.18 |
| apache | tomcat | 5.5.19 |
| apache | tomcat | 5.5.20 |
Ubuntu Releases
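
| Ubuntu Product | Codename | Status |
|---|---|---|
| tomcat4 | dapper | not-affected |
| tomcat4 | gutsy | dne |
| tomcat4 | hardy | dne |
| tomcat4 | intrepid | dne |
| tomcat5.5 | dapper | dne |
| tomcat5.5 | gutsy | not-affected |
| tomcat5.5 | hardy | not-affected |
| tomcat5.5 | intrepid | not-affected |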