CVE-2008-4308
Apache Tomcat information disclosure vulnerability
EPSS 7.6%
Description
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
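How to fix CVE-2008-4308
To fix CVE-2008-4308, upgrade the affected package to the patched version listed below.
- Maven/org.apache.tomcat:tomcat: upgrade to 4.1.35 or later
Is CVE-2008-4308 being exploited?
Moderate: EPSS is 7.6%; worth continued tracking, but not top priority.
Affected packages (1)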
- >= 4.1.32, < 4.1.35