Description

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Remediation

References

CVE-2008-3271

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2001-0407)

Nginx Insufficient Session Expiration Vulnerability (CVE-2014-3616)

WordPress Plugin Manage Calameo Publications by Athlon Cross-Site Scripting (1.1.0)

Apache 2.2.14 mod_isapi Dangling Pointer

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10802)

Severity

Medium

Classification

CVE-2008-3271 CWE-264

Tags

Missing Update Known Vulnerabilities