Japan Vulnerability Notes, JVN:66905322
Feb 26, 2009 - 12:00 a.m.

JVN#66905322: Apache Tomcat information disclosure vulnerability

Published: 2009-02-26 00:00:00
Source: Japan Vulnerability Notes (jvn.jp)

CVSS2: 2.6 Low

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS: 0.001 Low (Percentile: 43.8%)

Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies.
Apache Tomcat contains a vulnerability which may result in the disclosure of POSTed content from a previous request.

Impact

A remote attacker could possibly obtain user credentials such as a password, session ID, or user ID.

Solution

Update the Software
Apply the latest update provided by the developer.
The following versions contain a fix for this vulnerability.

  • Apache Tomcat 4.1.35 and later
  • Apache Tomcat 5.5.21 and later
  • Apache Tomcat 6.0.0 and later

For more information, refer to the developer’s website.

Products Affected

  • Apache Tomcat 4.1.32 to 4.1.34
  • Apache Tomcat 5.5.10 to 5.5.20

According to the developer, unsupported Apache Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. They have confirmed that Apache Tomcat 6.0.x is not affected.
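The version ranges above can be applied to an asset inventory with a short triage script. This is an added example, not part of the JVN advisory or of Apache Tomcat; the host names, the inventory format, the status labels and the function names are assumptions made for illustration.

```python
import re

# Inclusive patch ranges transcribed from the advisory, keyed by (major, minor).
AFFECTED = {(4, 1): (32, 34), (5, 5): (10, 20)}
# Unsupported branches the developer says may also be affected (3.x handled below).
UNSUPPORTED = {(4, 0), (5, 0)}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def classify(version_string):
    """Map a Tomcat version string to a triage status for this advisory."""
    m = VERSION_RE.search(version_string)
    if not m:
        return "unknown"
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3)) if m.group(3) else None
    if major >= 6:
        return "fixed"  # advisory: 6.0.0 and later contain the fix
    if major == 3 or (major, minor) in UNSUPPORTED:
        return "possibly-affected-unsupported"
    if (major, minor) in AFFECTED:
        if patch is None:
            return "unknown"  # the branch alone cannot decide
        lo, hi = AFFECTED[(major, minor)]
        if lo <= patch <= hi:
            return "affected"
        # Integer comparison: 4.1.9 sorts below 4.1.32, unlike a string compare.
        return "fixed" if patch > hi else "not-listed"
    return "not-listed"


def triage(inventory):
    """Return {host: status} for a {host: version string} inventory."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "app01": "Apache Tomcat/5.5.17",
    "app02": "Apache Tomcat/4.1.36",
    "legacy01": "5.0.28",
    "app03": "Apache Tomcat/6.0.18",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Versions in the 4.1 and 5.5 branches below the listed ranges are reported as "not-listed" because the advisory makes no statement about them.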
