CVE-2008-4308

Description

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Risk Information

Base Score

8.6

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

Exploitation Probability

7.599

Associated Vulnerability

Vulnerability	OS Platform
Update Tomcat to 9.5.14	Windows
Update Tomcat to 9.5.5	Windows
Update Tomcat to 9.5.7	Windows
Update Tomcat to 9.5.8	Windows
Update Tomcat to 9.6.10	Windows
Update Tomcat to 9.6.3	Windows
Update Tomcat to 9.6.4	Windows
Update Tomcat to 9.6.7	Windows
Update Tomcat to 9.6.8	Windows
Update Tomcat to 2.4.5	Windows
Update Tomcat to 3.0.14	Windows
Update Apache Tomcat to 5.5.18	Windows
Vulnerabilities CVE-2008-4308 are fixed in Apache - tomcat 4.1.35	Windows
Vulnerabilities CVE-2008-4308 are fixed in Apache - tomcat 5.5.21	Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.9	Windows
Update Tomcat to 9.5.14 (For Linux)	Linux
Update Tomcat to 9.5.5 (For Linux)	Linux
Update Tomcat to 9.5.7 (For Linux)	Linux
Update Tomcat to 9.5.8 (For Linux)	Linux
Update Tomcat to 9.6.10 (For Linux)	Linux
Update Tomcat to 9.6.3 (For Linux)	Linux
Update Tomcat to 9.6.4 (For Linux)	Linux
Update Tomcat to 9.6.7 (For Linux)	Linux
Update Tomcat to 9.6.8 (For Linux)	Linux
Update Tomcat to 2.4.5 (For Linux)	Linux
Update Tomcat to 3.0.14 (For Linux)	Linux
Update Apache Tomcat to 5.5.18 (For Linux)	Linux
Vulnerabilities CVE-2008-4308 are fixed in Apache - tomcat for Linux 4.1.35	Linux
Vulnerabilities CVE-2008-4308 are fixed in Apache - tomcat for Linux 5.5.21	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234