Description

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Remediation

References

CVE-2008-4308

Related Vulnerabilities

WordPress Plugin 3DPrint Lite Cross-Site Scripting (1.9.1.5)

MySQL CVE-2019-2685 Vulnerability (CVE-2019-2685)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0059)

Jenkins Missing Authorization Vulnerability (CVE-2021-21694)

Oracle Database Server CVE-2011-0877 Vulnerability (CVE-2011-0877)

Severity

Low

Classification

CVE-2008-4308 CWE-200

Tags

Missing Update Known Vulnerabilities