Summary
Apache Tomcat Server is running on this host and that is prone to security bypass vulnerability.
Impact
Successful attempt could lead to remote code execution and attacker can gain access to context of the filtered value.
Impact Level: Application
Solution
Upgrade to Apache Tomcat version 4.1.32, or 5.5.1, or later, http://archive.apache.org/dist/tomcat/
Insight
Flaw in the application is due to the synchronisation problem when checking IP addresses. This could allow user from a non permitted IP address to gain access to a context that is protected with a valve that extends RemoteFilterValve including the standard RemoteAddrValve and RemoteHostValve implementations.
Affected
Apache Tomcat version 4.1.x - 4.1.31, and 5.5.0
References
Severity
Classification
-
CVE CVE-2008-3271 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities