ID

VAR-200810-0184


CVE

CVE-2008-3271


TITLE

Apache Tomcat allows access from a non-permitted IP address

Trust: 0.8

sources: JVNDB: JVNDB-2008-000069

DESCRIPTION

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Apache Tomcat from The Apache Software Foundation contains a vulnerability which may allow a user from a non-permitted IP address to gain access. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Apache Tomcat contains a vulnerability which may allow a user from a non-permitted IP address to gain access to a protected context. This vulnerability was addressed and solved in ASF Bugzilla - Bug 25835. However, there was no description regarding this vulnerability in ASF Bugzilla - Bug 25835. Therefore, the Apache Tomcat Development Team has decided to publish an advisory regarding this issue. Kenichi Tsukamoto of Development Dept. II Application Management Middleware Div. FUJITSU LIMITED reported this vulnerability to IPA. JPCERT/CC coordinated with The Apache Software Foundation and the vendors under Information Security Early Warning Partnership.

Impact varies depending on the accessed context by the non-permitted IP address. For example information disclosure may be possible as a result.

Apache Tomcat is prone to a security-bypass vulnerability related to extensions of 'RemoteFilterValve'. Attackers may be able to bypass certain access restrictions. The following versions are vulnerable: Tomcat 4.1.0 through 4.1.32; Tomcat 5.5.0.

TITLE: Apache Tomcat Directory Listing Denial of Service
SECUNIA ADVISORY ID: SA17416
VERIFY ADVISORY: http://secunia.com/advisories/17416/
CRITICAL: Not critical
IMPACT: DoS
WHERE: From remote
SOFTWARE: Apache Tomcat 5.x http://secunia.com/product/3571/

DESCRIPTION: David Maciejak has discovered a vulnerability in Apache Tomcat, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the inefficient generation of directory listing for web directories that have a large number of files. By sending multiple concurrent requests for such a directory, it is possible to prevent other users from accessing the directory and cause the server to consume a large amount of CPU resources. The vulnerability affects only the directory that is being listed. Files or applications in other web directories are not affected. Successful exploitation requires that directory listing is enabled in a directory with a large number of files. The vulnerability has been confirmed in Tomcat version 5.5.11 and 5.5.12 on the Windows platform, and has been reported in versions 5.5.0 through 5.5.11. Other versions may also be affected. Note: In version 5.5.12, the server will resume normal operation after a few minutes.

SOLUTION: The vulnerability has been partially addressed in version 5.5.12, which will resume normal operation after a few minutes. Disable directory listing for web directories that have a large number of files.

PROVIDED AND/OR DISCOVERED BY: David Maciejak

Mitigation: Upgrade to:
4.1.32 or later
5.5.1 or later
6.0.0 or later

Example: This has only been reproduced using a debugger to force a particular processing sequence across two threads.
1. Set a breakpoint right after the place where a value is to be entered in the instance variable of regexp (search:org.apache.regexp.CharacterIterator).
2. Send a request from the IP address* which is not permitted. (stopped at the breakpoint)
   *About the IP address which is not permitted. The character string length of the IP address which is set in RemoteAddrValve must be the same.
3. Send a request from the IP address which was set in RemoteAddrValve. (stopped at the breakpoint) In this way, the instance variable is to be overwritten here.
4. Resume the thread which is processing the step 2 above.
5. The request from the not permitted IP address will succeed.

References: http://tomcat.apache.org/security.html

Mark Thomas

Apache Tomcat 5.x: Update to version 5.5.1 or later.

SOLUTION: Patches are scheduled for release. Use a proxy or firewall to protect resources.

Version 5.5.x is intended for servlet/jsp specification 2.4/2.0. More information on http://tomcat.apache.org/

Description: Many time consuming directory listing requests can cause a denial of service.

Detection/PoC: On Linux: Vulnerable versions tested are 5.5.0 to 5.5.11. 5.5.12 and 5.0.28 seem not to be impacted. An easy way to test:
- Download Tomcat package from Tomcat archive
- Unpack it, use default configuration
- In webapps example dir, add some empty files (enough for the dir listing request to be long)
- Thread many listing access on this directory

Workaround: Upgrade to linux version 5.5.12

PS: Secunia team have done more tests, available on http://secunia.com/advisories/17416/

David Maciejak

TITLE: NEC WebOTX Products "RemoteFilterValve" Security Bypass Security Issue
SECUNIA ADVISORY ID: SA35684
VERIFY ADVISORY: http://secunia.com/advisories/35684/

DESCRIPTION: A security issue has been reported in various NEC WebOTX products, which potentially can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to a synchronisation problem when checking IP addresses and can be exploited to bypass a filter valve that extends "RemoteFilterValve" and potentially gain access to protected contexts.

The security issue is reported in the following products and versions:
* WebOTX Web Edition version 4.x through 5.x
* WebOTX Standard-J Edition version 4.x through 5.x
* WebOTX Standard Edition version 4.x through 5.x
* WebOTX Enterprise Edition version 4.x through 5.x
* WebOTX UDDI Registry version 1.1 through 2.1

SOLUTION: Reportedly, patches are available. Contact the vendor's sales department for more information.

For more information: SA32213

SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

Trust: 2.52

sources: NVD: CVE-2008-3271 // JVNDB: JVNDB-2008-000069 // BID: 31698 // PACKETSTORM: 41248 // PACKETSTORM: 70828 // PACKETSTORM: 70882 // PACKETSTORM: 70792 // PACKETSTORM: 41335 // PACKETSTORM: 79028 // PACKETSTORM: 71395

AFFECTED PRODUCTS

vendor: apache | model: tomcat | scope: eq | version: 5.5.0 | Trust: 2.4
vendor: apache | model: tomcat | scope: eq | version: 4.1.31 | Trust: 1.9
vendor: apache | model: tomcat | scope: eq | version: 4.1.30 | Trust: 1.9
vendor: apache | model: tomcat | scope: eq | version: 4.1.3 | Trust: 1.9
vendor: apache | model: tomcat | scope: eq | version: 4.1.9 | Trust: 1.6
vendor: apache | model: tomcat | scope: eq | version: 4.1.5 | Trust: 1.6
vendor: apache | model: tomcat | scope: eq | version: 4.1.7 | Trust: 1.6
vendor: apache | model: tomcat | scope: eq | version: 4.1.4 | Trust: 1.6
vendor: apache | model: tomcat | scope: eq | version: 4.1.6 | Trust: 1.6
vendor: apache | model: tomcat | scope: eq | version: 4.1.8 | Trust: 1.6
vendor: apache | model: tomcat | scope: eq | version: 4.1.28 | Trust: 1.3
vendor: apache | model: tomcat | scope: eq | version: 4.1.29 | Trust: 1.3
vendor: apache | model: tomcat | scope: eq | version: 4.1.24 | Trust: 1.3
vendor: apache | model: tomcat | scope: eq | version: 4.1.12 | Trust: 1.3
vendor: apache | model: tomcat | scope: eq | version: 4.1.10 | Trust: 1.3
vendor: apache | model: tomcat | scope: eq | version: 4.1.11 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.14 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.18 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.20 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.23 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.26 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.22 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.17 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.19 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.13 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.15 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.25 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.2 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.0 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.21 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.27 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.1 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.16 | Trust: 1.0
vendor: apache | model: tomcat | scope: eq | version: 4.1.0 to 4.1.31 | Trust: 0.8
vendor: fujitsu | model: interstage application framework suite | scope: - | version: - | Trust: 0.8
vendor: fujitsu | model: interstage application server | scope: - | version: - | Trust: 0.8
vendor: fujitsu | model: interstage apworks | scope: - | version: - | Trust: 0.8
vendor: fujitsu | model: interstage business application server | scope: - | version: - | Trust: 0.8
vendor: fujitsu | model: interstage job workload server | scope: - | version: - | Trust: 0.8
vendor: fujitsu | model: interstage studio | scope: - | version: - | Trust: 0.8
vendor: fujitsu | model: interstage web server | scope: - | version: - | Trust: 0.8
vendor: nec | model: webotx application server | scope: - | version: - | Trust: 0.8
vendor: fujitsu | model: interstage job workload server | scope: eq | version: 8.1 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 11.0 | Trust: 0.3
vendor: nec | model: webotx uddi registry | scope: eq | version: 2.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 8.0 | Trust: 0.3
vendor: fujitsu | model: interstage apworks modelers-j edition | scope: eq | version: 7.0 | Trust: 0.3
vendor: nec | model: webotx standard-j edition | scope: eq | version: 4.x | Trust: 0.3
vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 9.1 | Trust: 0.3
vendor: fujitsu | model: interstage studio enterprise edition | scope: eq | version: 8.0.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 9.0 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 10.3 | Trust: 0.3
vendor: nec | model: webotx web edition | scope: eq | version: 5.x | Trust: 0.3
vendor: suse | model: linux enterprise server sp2 | scope: eq | version: 10 | Trust: 0.3
vendor: apache | model: tomcat | scope: eq | version: 5.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition a | scope: eq | version: 9.0 | Trust: 0.3
vendor: s u s e | model: opensuse | scope: eq | version: 10.2 | Trust: 0.3
vendor: suse | model: linux enterprise sdk sp2 | scope: eq | version: 10 | Trust: 0.3
vendor: apache | model: tomcat | scope: ne | version: 4.1.32 | Trust: 0.3
vendor: apache | model: tomcat | scope: ne | version: 5.0.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server plus | scope: eq | version: 7.0 | Trust: 0.3
vendor: fujitsu | model: interstage apworks modelers-j edition | scope: eq | version: 6.0 | Trust: 0.3
vendor: fujitsu | model: interstage apworks modelers-j edition 6.0a | scope: - | version: - | Trust: 0.3
vendor: nec | model: webotx enterprise edition | scope: eq | version: 5.x | Trust: 0.3
vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 8.0.2 | Trust: 0.3
vendor: fujitsu | model: interstage application server plus | scope: eq | version: 7.0.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server plus developer | scope: eq | version: 7.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 8.0.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 7.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server plus | scope: eq | version: 6.0 | Trust: 0.3
vendor: nec | model: webotx web edition | scope: eq | version: 4.x | Trust: 0.3
vendor: fujitsu | model: interstage business application server enterprise | scope: eq | version: 8.0.0 | Trust: 0.3
vendor: apache | model: tomcat | scope: eq | version: 4.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 7.0.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server standard-j edition | scope: eq | version: 9.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server standard-j edition a | scope: eq | version: 9.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server plus developer | scope: eq | version: 6.0 | Trust: 0.3
vendor: nec | model: webotx enterprise edition | scope: eq | version: 4.x | Trust: 0.3
vendor: fujitsu | model: interstage studio standard-j edition | scope: eq | version: 9.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 8.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 6.0 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 9.1 | Trust: 0.3
vendor: redhat | model: red hat network satellite (for rhel 4) | scope: eq | version: 5.1 | Trust: 0.3
vendor: nec | model: webotx standard edition | scope: eq | version: 5.x | Trust: 0.3
vendor: apache | model: tomcat beta | scope: eq | version: 4.1.3 | Trust: 0.3
vendor: fujitsu | model: interstage application server standard edition | scope: eq | version: 7.0 | Trust: 0.3
vendor: nec | model: webotx standard-j edition | scope: eq | version: 5.x | Trust: 0.3
vendor: suse | model: linux enterprise sdk 10.sp1 | scope: - | version: - | Trust: 0.3
vendor: suse | model: linux enterprise server sp1 | scope: eq | version: 10 | Trust: 0.3
vendor: fujitsu | model: interstage studio enterprise edition | scope: eq | version: 9.0 | Trust: 0.3
vendor: redhat | model: red hat network satellite server | scope: eq | version: 5.0.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 8.0.3 | Trust: 0.3
vendor: s u s e | model: novell linux pos | scope: eq | version: 9 | Trust: 0.3
vendor: nec | model: webotx uddi registry | scope: eq | version: 1.1 | Trust: 0.3
vendor: fujitsu | model: interstage studio standard-j edition | scope: eq | version: 8.0.1 | Trust: 0.3
vendor: fujitsu | model: interstage application server enterprise edition | scope: eq | version: 8.0.2 | Trust: 0.3
vendor: apache | model: tomcat | scope: ne | version: 6.0 | Trust: 0.3
vendor: s u s e | model: open-enterprise-server | scope: eq | version: 0 | Trust: 0.3
vendor: suse | model: linux enterprise server | scope: eq | version: 9 | Trust: 0.3
vendor: s u s e | model: novell linux desktop sdk | scope: eq | version: 9.0 | Trust: 0.3
vendor: nec | model: webotx standard edition | scope: eq | version: 4.x | Trust: 0.3
vendor: redhat | model: red hat network satellite server | scope: eq | version: 5.0 | Trust: 0.3

sources: BID: 31698 // JVNDB: JVNDB-2008-000069 // CNNVD: CNNVD-200810-176 // NVD: CVE-2008-3271

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3271
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2008-000069
value: LOW

Trust: 0.8

CNNVD: CNNVD-200810-176
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2008-3271
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2008-000069
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2008-000069 // CNNVD: CNNVD-200810-176 // NVD: CVE-2008-3271

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2008-000069 // NVD: CVE-2008-3271

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200810-176

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-200810-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-000069

PATCH

title: Security Updates | url: http://tomcat.apache.org/security | Trust: 0.8
title: Apache Tomcat 4.x vulnerabilities | url: http://tomcat.apache.org/security-4.html | Trust: 0.8
title: Apache Tomcat 5.x vulnerabilities | url: http://tomcat.apache.org/security-5.html | Trust: 0.8
title: Bug 25835 | url: https://issues.apache.org/bugzilla/show_bug.cgi?id=25835 | Trust: 0.8
title: interstage-200806e | url: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html | Trust: 0.8
title: NV09-006 | url: http://www.nec.co.jp/security-info/secinfo/nv09-006.html | Trust: 0.8

sources: JVNDB: JVNDB-2008-000069

EXTERNAL IDS

db: JVNDB | id: JVNDB-2008-000069 | Trust: 2.8
db: NVD | id: CVE-2008-3271 | Trust: 2.8
db: BID | id: 31698 | Trust: 2.7
db: SECUNIA | id: 32213 | Trust: 2.6
db: SECUNIA | id: 32234 | Trust: 2.6
db: JVN | id: JVN30732239 | Trust: 2.6
db: SECUNIA | id: 35684 | Trust: 1.8
db: SECUNIA | id: 32398 | Trust: 1.7
db: SREASON | id: 4396 | Trust: 1.6
db: SECTRACK | id: 1021039 | Trust: 1.6
db: VUPEN | id: ADV-2008-2793 | Trust: 1.6
db: VUPEN | id: ADV-2008-2800 | Trust: 1.6
db: VUPEN | id: ADV-2009-1818 | Trust: 1.6
db: CNNVD | id: CNNVD-200810-176 | Trust: 0.6
db: SECUNIA | id: 17416 | Trust: 0.2
db: PACKETSTORM | id: 41248 | Trust: 0.1
db: PACKETSTORM | id: 70828 | Trust: 0.1
db: PACKETSTORM | id: 70882 | Trust: 0.1
db: PACKETSTORM | id: 70792 | Trust: 0.1
db: PACKETSTORM | id: 41335 | Trust: 0.1
db: PACKETSTORM | id: 79028 | Trust: 0.1
db: PACKETSTORM | id: 71395 | Trust: 0.1

sources: BID: 31698 // JVNDB: JVNDB-2008-000069 // PACKETSTORM: 41248 // PACKETSTORM: 70828 // PACKETSTORM: 70882 // PACKETSTORM: 70792 // PACKETSTORM: 41335 // PACKETSTORM: 79028 // PACKETSTORM: 71395 // CNNVD: CNNVD-200810-176 // NVD: CVE-2008-3271

REFERENCES

url:http://www.securityfocus.com/bid/31698

Trust: 3.0

url:http://jvn.jp/en/jp/jvn30732239/index.html

Trust: 2.6

url:http://secunia.com/advisories/32234

Trust: 2.4

url:http://tomcat.apache.org/security-4.html

Trust: 2.0

url:http://tomcat.apache.org/security-5.html

Trust: 2.0

url:https://issues.apache.org/bugzilla/show_bug.cgi?id=25835

Trust: 2.0

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html

Trust: 2.0

url:http://jvndb.jvn.jp/en/contents/2008/jvndb-2008-000069.html

Trust: 2.0

url:http://www.nec.co.jp/security-info/secinfo/nv09-006.html

Trust: 2.0

url:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html

Trust: 1.7

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:http://www.vupen.com/english/advisories/2008/2800

Trust: 1.6

url:http://secunia.com/advisories/32398

Trust: 1.6

url:http://secunia.com/advisories/32213

Trust: 1.6

url:http://www.securityfocus.com/archive/1/497220/100/0/threaded

Trust: 1.6

url:http://securityreason.com/securityalert/4396

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/45791

Trust: 1.6

url:http://secunia.com/advisories/35684

Trust: 1.6

url:http://www.securitytracker.com/id?1021039

Trust: 1.6

url:http://www.vupen.com/english/advisories/2008/2793

Trust: 1.6

url:http://www.vupen.com/english/advisories/2009/1818

Trust: 1.6

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e

Trust: 1.6

url:http://secunia.com/advisories/32213/

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3271

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/2793

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3271

Trust: 0.8

url:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e

Trust: 0.6

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.5

url:http://tomcat.apache.org/

Trust: 0.4

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.4

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.4

url:/archive/1/497220

Trust: 0.3

url:http://secunia.com/binary_analysis/sample_analysis/

Trust: 0.3

url:http://secunia.com/advisories/17416/

Trust: 0.2

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/3571/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3271

Trust: 0.1

url:https://issues.apache.org/bugzilla/show_bug.cgi?id=25835)

Trust: 0.1

url:http://tomcat.apache.org/security.html

Trust: 0.1

url:http://enigmail.mozdev.org

Trust: 0.1

url:http://secunia.com/advisories/product/328/

Trust: 0.1

url:http://secunia.com/advisories/product/3571/

Trust: 0.1

url:http://secunia.com/advisories/32234/

Trust: 0.1

url:http://secunia.com/advisories/product/13693/

Trust: 0.1

url:http://secunia.com/advisories/product/15986/

Trust: 0.1

url:http://secunia.com/advisories/product/13690/

Trust: 0.1

url:http://secunia.com/advisories/product/13688/

Trust: 0.1

url:http://secunia.com/advisories/product/15610/

Trust: 0.1

url:http://secunia.com/advisories/product/13685/

Trust: 0.1

url:http://secunia.com/advisories/product/13687/

Trust: 0.1

url:http://secunia.com/advisories/product/13689/

Trust: 0.1

url:http://secunia.com/advisories/product/13686/

Trust: 0.1

url:http://secunia.com/advisories/product/13692/

Trust: 0.1

url:http://webmail.kyxar.fr

Trust: 0.1

url:http://secunia.com/advisories/35684/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/advisories/32398/

Trust: 0.1

url:http://secunia.com/advisories/product/4664/

Trust: 0.1

url:http://secunia.com/advisories/product/13375/

Trust: 0.1

url:http://secunia.com/advisories/product/4118/

Trust: 0.1

url:http://secunia.com/advisories/product/12192/

Trust: 0.1

sources: BID: 31698 // JVNDB: JVNDB-2008-000069 // PACKETSTORM: 41248 // PACKETSTORM: 70828 // PACKETSTORM: 70882 // PACKETSTORM: 70792 // PACKETSTORM: 41335 // PACKETSTORM: 79028 // PACKETSTORM: 71395 // CNNVD: CNNVD-200810-176 // NVD: CVE-2008-3271

CREDITS

Kenichi Tsukamoto

Trust: 0.9

sources: BID: 31698 // CNNVD: CNNVD-200810-176

SOURCES

db: BID | id: 31698
db: JVNDB | id: JVNDB-2008-000069
db: PACKETSTORM | id: 41248
db: PACKETSTORM | id: 70828
db: PACKETSTORM | id: 70882
db: PACKETSTORM | id: 70792
db: PACKETSTORM | id: 41335
db: PACKETSTORM | id: 79028
db: PACKETSTORM | id: 71395
db: CNNVD | id: CNNVD-200810-176
db: NVD | id: CVE-2008-3271

LAST UPDATE DATE

2024-11-23T20:15:01.679000+00:00


SOURCES UPDATE DATE

db: BID | id: 31698 | date: 2009-07-08T21:46:00
db: JVNDB | id: JVNDB-2008-000069 | date: 2009-07-08T00:00:00
db: CNNVD | id: CNNVD-200810-176 | date: 2023-02-14T00:00:00
db: NVD | id: CVE-2008-3271 | date: 2024-11-21T00:48:51.353

SOURCES RELEASE DATE

db: BID | id: 31698 | date: 2008-10-10T00:00:00
db: JVNDB | id: JVNDB-2008-000069 | date: 2008-10-10T00:00:00
db: PACKETSTORM | id: 41248 | date: 2005-11-03T23:53:58
db: PACKETSTORM | id: 70828 | date: 2008-10-11T18:33:31
db: PACKETSTORM | id: 70882 | date: 2008-10-13T22:53:24
db: PACKETSTORM | id: 70792 | date: 2008-10-10T23:03:15
db: PACKETSTORM | id: 41335 | date: 2005-11-08T14:26:54
db: PACKETSTORM | id: 79028 | date: 2009-07-08T14:53:57
db: PACKETSTORM | id: 71395 | date: 2008-10-31T18:08:14
db: CNNVD | id: CNNVD-200810-176 | date: 2008-10-13T00:00:00
db: NVD | id: CVE-2008-3271 | date: 2008-10-13T20:00:02.057