Lucene search

K
tomcatApache TomcatTOMCAT:FFCE0EAF6F002169ADD22518F9756629
HistoryFeb 08, 2008 - 12:00 a.m.

Fixed in Apache Tomcat 6.0.16

2008-02-0800:00:00
Apache Tomcat
tomcat.apache.org
34

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

4.8

Confidence

High

EPSS

0.125

Percentile

95.6%

Low: Session hi-jacking CVE-2007-5333

The previous fix for CVE-2007-3385 was incomplete. It did not consider the use of quotes or %5C within a cookie value.

Affects: 6.0.0-6.0.14

Low: Elevated privileges CVE-2007-5342

The JULI logging component allows web applications to provide their own logging configurations. The default security policy does not restrict this configuration and allows an untrusted web application to add files or overwrite existing files where the Tomcat process has the necessary file permissions to do so.

Affects: 6.0.0-6.0.15

Important: Information disclosure CVE-2007-5461

When Tomcat’s WebDAV servlet is configured for use with a context and has been enabled for write, some WebDAV requests that specify an entity with a SYSTEM tag can result in the contents of arbitary files being returned to the client.

Affects: 6.0.0-6.0.14

Important: Data integrity CVE-2007-6286

When using the native (APR based) connector, connecting to the SSL port using netcat and then disconnecting without sending any data will cause tomcat to handle a duplicate copy of one of the recent requests.

Affects: 6.0.0-6.0.15

Important: Information disclosure CVE-2008-0002

If an exception occurs during the processing of parameters (eg if the client disconnects) then it is possible that the parameters submitted for that request will be incorrectly processed as part of a subsequent request.

Affects: 6.0.5-6.0.15

Affected configurations

Vulners
Node
apachetomcatRange6.0.0
OR
apachetomcatRange6.0.14
OR
apachetomcatRange6.0.15
OR
apachetomcatRange6.0.5
VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

4.8

Confidence

High

EPSS

0.125

Percentile

95.6%