Description
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
Remediation
References
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/bid/27703
http://secunia.com/advisories/28834
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
http://secunia.com/advisories/28915
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://secunia.com/advisories/29711
http://securityreason.com/securityalert/3638
http://www.securityfocus.com/bid/31681
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/32222
http://support.apple.com/kb/HT3216
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/37460
http://www.vupen.com/english/advisories/2008/0488
http://www.vupen.com/english/advisories/2008/2780
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/487812/100/0/threaded
Related Vulnerabilities
CVE-2023-32731 Vulnerability in maven package io.grpc:grpc-protobuf
CVE-2015-0254 Vulnerability in maven package jstl:jstl
CVE-2009-0217 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2023-47323 Vulnerability in maven package org.silverpeas.core:silverpeas-core-api
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on