Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-5X5F-9R6Q-Q7MH
HistoryMay 01, 2022 - 11:27 p.m.

Apache Tomcat Sensitive Information Disclosure

2022-05-0123:27:14
CWE-200
GitHub Advisory Database
github.com
13
apache tomcat
sensitive information
remote attackers
parameter processing

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.005

Percentile

75.7%

JSON

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Affected configurations

Vulners
Node
org.apache.tomcattomcatRange6.0.06.0.16
VendorProductVersionCPE
org.apache.tomcattomcat*cpe:2.3:a:org.apache.tomcat:tomcat:*:*:*:*:*:*:*:*

References

Related

securityvulns 2
prion 1
cve 1
ubuntucve 1
cvelist 1
nvd 1
veracode 1
osv 1
nessus 11
gentoo 1
openvas 12
redhat 1
tomcat 1
fedora 2
vmware 2
securityvulns
securityvulns
CVE-2008-0002: Tomcat information disclosure vulnerability
2008-02-10 00:00:00
Apache Tomcat multiple security vulnerabilities
2008-02-10 00:00:00
prion
prion
Design/Logic Flaw
2008-02-12 01:00:00
cve
cve
CVE-2008-0002
2008-02-12 01:00:00
ubuntucve
ubuntucve
CVE-2008-0002
2008-02-12 00:00:00
cvelist
cvelist
CVE-2008-0002
2008-02-12 00:00:00
nvd
nvd
CVE-2008-0002
2008-02-12 01:00:00
veracode
veracode
Information Disclosure
2018-11-09 06:24:23
osv
osv
Apache Tomcat Sensitive Information Disclosure
2022-05-01 23:27:14
nessus
nessus
GLSA-200804-10 : Tomcat: Multiple vulnerabilities
2008-04-17 00:00:00
RHEL 4 : JBoss EAP (RHSA-2008:0151)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2008:0213)
2013-01-24 00:00:00
gentoo
gentoo
Tomcat: Multiple vulnerabilities
2008-04-10 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200804-10 (tomcat)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200804-10 (tomcat)
2008-09-24 00:00:00
Fedora Update for tomcat5 FEDORA-2008-1603
2009-02-16 00:00:00
redhat
redhat
(RHSA-2008:0158) Moderate: JBoss Enterprise Application Platform security update
2008-03-24 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.16
2008-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
2008-02-13 05:14:35
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
2008-02-13 04:55:03
vmware
vmware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
2009-11-20 00:00:00
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components
2009-11-20 00:00:00

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.005

Percentile

75.7%

JSON
Related for GHSA-5X5F-9R6Q-Q7MH
securityvulns2prion1cve1ubuntucve1cvelist1nvd1veracode1osv1nessus11gentoo1openvas12redhat1tomcat1fedora2vmware2