CVE-2008-4308
Apache Tomcat information disclosure vulnerability
EPSS 7.6%
Description
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
How to fix CVE-2008-4308
To remediate CVE-2008-4308, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 4.1.35 or later
Is CVE-2008-4308 being exploited?
Moderate — EPSS is 7.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- >= 4.1.32, < 4.1.35