Description

The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.

Remediation

References

CVE-2008-4308

Related Vulnerabilities

WordPress Plugin ComicPress Manager 'lang' Parameter Cross-Site Scripting (1.4.9.9)

WordPress Plugin LOGOSWARE SUITE Uploader Arbitrary File Upload (1.1.6)

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.7.7)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4051)

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (1.5.7)

Severity

Low

Classification

CVE-2008-4308 CWE-200

Tags

Missing Update Known Vulnerabilities