Description
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
Remediation
References
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/28834
http://secunia.com/advisories/28915
http://secunia.com/advisories/29711
http://secunia.com/advisories/32222
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://securityreason.com/securityalert/3638
http://support.apple.com/kb/HT3216
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/487812/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/27703
http://www.securityfocus.com/bid/31681
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/0488
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/3316
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
Related Vulnerabilities
CVE-2022-31180 Vulnerability in npm package shescape
CVE-2022-21186 Vulnerability in npm package @acrontum/filesystem-template
CVE-2019-13416 Vulnerability in maven package com.floragunn:search-guard-6
CVE-2010-3718 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2015-0254 Vulnerability in maven package taglibs:standard