5 matches found
K9913: Apache Tomcat vulnerability - CVE-2008-4308
Security Advisory Description Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
SUSE CVE-2008-4308
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request...
SOL9913 - Apache Tomcat vulnerability - CVE-2008-4308
Description: The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Information about this advisory is...
CVE-2008-4308
CVE-2008-4308 affects Apache Tomcat 4.1.32–4.1.34 and 5.5.10–5.5.20. The root cause is improper handling in the doRead method, which does not return -1 to signal a certain error condition, allowing the possibility of POST data from one request being sent to another. The consequence is potential i...
Fixed in Apache Tomcat 5.5.21
Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...