Date: Fri, 08 Feb 2008 22:24:25 +0000
From: Mark Thomas <markt@apache.org.>
To: Tomcat Users List <users@tomcat.apache.org.>,
Subject: CVE-2008-0002: Tomcat information disclosure vulnerability
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2008-0002: Tomcat information disclosure vulnerability
Severity: important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 6.0.5 to 6.0.15
Description:
If an exception occurs during the processing of parameters (eg if the
client disconnects) then it is possible that the parameters submitted for
that request will be incorrectly processed as part of a following request.
Mitigation:
6.0.x users should upgrade to 6.0.16 or later.
Example:
See description.
Credit:
This issue was discovered by Chitrapandian N of AdventNet Inc.
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-6.html
The Apache Tomcat Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHrNaZb7IeiTPGAkMRAgRxAKCjiAu1kTbKcE4mo0azKvtakl3u/wCcD8Vk
S5EZi3e+Da7+99Jkxb/jzn8=
=rUWc
-----END PGP SIGNATURE-----
