Japan Vulnerability NotesJVN:30732239JVN#30732239: Apache Tomcat allows access from a non-permitted IP address
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.5%
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context.
Impact
Impact varies depending on the accessed context by the non-permitted IP address. For example information disclosure may be possible as a result.
Solution
Update the Software
Apply the latest updates provided by the developer.
The following versions contain a fix of this vulnerability.
- Apache Tomcat 4.1.32 and later
- Apache Tomcat 5.5.1 and later
For more information, refer to the developerโs website.
Products Affected
- Apache Tomcat 4.1.0 to 4.1.31
- Apache Tomcat 5.5.0
According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected.
It is confirmed that Apache Tomcat 6.0.x is not affected.
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
59.5%