| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <47ACD699.5050306@apache.org> Date: Fri, 08 Feb 2008 22:24:25 +0000 From: Mark Thomas <markt@...che.org> To: Tomcat Users List <users@...cat.apache.org>, Tomcat Developers List <dev@...cat.apache.org>, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Cc: Apache Tomcat private security list <security@...cat.apache.org> Subject: CVE-2008-0002: Tomcat information disclosure vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2008-0002: Tomcat information disclosure vulnerability Severity: important Vendor: The Apache Software Foundation Versions Affected: Tomcat 6.0.5 to 6.0.15 Description: If an exception occurs during the processing of parameters (eg if the client disconnects) then it is possible that the parameters submitted for that request will be incorrectly processed as part of a following request. Mitigation: 6.0.x users should upgrade to 6.0.16 or later. Example: See description. Credit: This issue was discovered by Chitrapandian N of AdventNet Inc. References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-6.html The Apache Tomcat Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHrNaZb7IeiTPGAkMRAgRxAKCjiAu1kTbKcE4mo0azKvtakl3u/wCcD8Vk S5EZi3e+Da7+99Jkxb/jzn8= =rUWc -----END PGP SIGNATURE-----
Powered by blists - more mailing lists