GHSA-7g59-hm8v-cwmc

Suggest an improvement
Source
https://github.com/advisories/GHSA-7g59-hm8v-cwmc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7g59-hm8v-cwmc/GHSA-7g59-hm8v-cwmc.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-7g59-hm8v-cwmc
Aliases
  • CVE-2008-4308
Published
2022-05-02T00:08:50Z
Modified
2024-02-09T17:12:53.198296Z
Summary
Apache Tomcat information disclosure vulnerability
Details

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Database specific
{
    "nvd_published_at": "2009-02-26T23:30:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-09T16:55:53Z"
}
References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.32
Fixed
4.1.35

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.10
Fixed
5.5.21