Описание
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-3271
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45791
- https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- http://jvn.jp/en/jp/JVN30732239/index.html
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html
- http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html
- http://secunia.com/advisories/32213
- http://secunia.com/advisories/32234
- http://secunia.com/advisories/32398
- http://secunia.com/advisories/35684
- http://securityreason.com/securityalert/4396
- http://tomcat.apache.org/security-4.html
- http://tomcat.apache.org/security-5.html
- http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html
- http://www.nec.co.jp/security-info/secinfo/nv09-006.html
- http://www.securityfocus.com/archive/1/497220/100/0/threaded
- http://www.securityfocus.com/bid/31698
- http://www.securitytracker.com/id?1021039
- http://www.vupen.com/english/advisories/2008/2793
- http://www.vupen.com/english/advisories/2008/2800
- http://www.vupen.com/english/advisories/2009/1818
EPSS
CVE ID
Связанные уязвимости
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers t ...
EPSS