CVE-2008-3271

Description

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a synchronization problem and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.

Risk Information

Base Score

7.5

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

4.3

Associated Vulnerability

Vulnerability	OS Platform
Update Tomcat to 9.5.14	Windows
Update Tomcat to 9.5.5	Windows
Update Tomcat to 9.5.7	Windows
Update Tomcat to 9.5.8	Windows
Update Tomcat to 9.6.10	Windows
Update Tomcat to 9.6.3	Windows
Update Tomcat to 9.6.4	Windows
Update Tomcat to 9.6.7	Windows
Update Tomcat to 9.6.8	Windows
Update Tomcat to 2.4.5	Windows
Update Tomcat to 3.0.14	Windows
Update Tomcat to 9.5.14 (For Linux)	Linux
Update Tomcat to 9.5.5 (For Linux)	Linux
Update Tomcat to 9.5.7 (For Linux)	Linux
Update Tomcat to 9.5.8 (For Linux)	Linux
Update Tomcat to 9.6.10 (For Linux)	Linux
Update Tomcat to 9.6.3 (For Linux)	Linux
Update Tomcat to 9.6.4 (For Linux)	Linux
Update Tomcat to 9.6.7 (For Linux)	Linux
Update Tomcat to 9.6.8 (For Linux)	Linux
Update Tomcat to 2.4.5 (For Linux)	Linux
Update Tomcat to 3.0.14 (For Linux)	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234