
5 matches found

F5 Networks
added 2023/02/21 7:29 p.m., 25 views

K9913: Apache Tomcat vulnerability - CVE-2008-4308

Security Advisory Description. Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

CVSS 2.6, AI score 4.7, EPSS 0.03914
Exploits: 2
SUSE CVE
added 2023/02/15 6:7 a.m., 3 views

SUSE CVE-2008-4308

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request...

CVSS 2.6, AI score 5.1, EPSS 0.03914
Exploits: 2, References: 3
F5 Networks
added 2009/04/05 12:0 a.m., 46 views

SOL9913 - Apache Tomcat vulnerability - CVE-2008-4308

Description: The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Information about this advisory is...

CVSS 2.6, AI score 7.3, EPSS 0.03914
Exploits: 2
CVE
added 2009/02/26 11:0 p.m., 83 views

CVE-2008-4308

CVE-2008-4308 affects Apache Tomcat 4.1.32–4.1.34 and 5.5.10–5.5.20. The root cause is improper handling in the doRead method, which does not return -1 to signal a certain error condition, allowing the possibility of POST data from one request being sent to another. The consequence is potential i...

CVSS 2.6, AI score 6.2, EPSS 0.03914
Exploits: 2, References: 10, Affected Software: 1
Apache Tomcat
added 2008/01/21 12:0 a.m., 47 views

Fixed in Apache Tomcat 5.5.21

Moderate: Session hi-jacking (CVE-2008-0128). When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...

CVSS 5, AI score 7.5, EPSS 0.19622
Exploits: 2, Affected Software: 1