CVE-2008-0002 Information

Description

Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.

Reference

http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/28834
http://secunia.com/advisories/28915
http://secunia.com/advisories/29711
http://secunia.com/advisories/32222
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://securityreason.com/securityalert/3638
http://support.apple.com/kb/HT3216
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/487812/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/27703
http://www.securityfocus.com/bid/31681
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/0488
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/3316
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
