Test ID:	1.3.6.1.4.1.25623.1.0.800024
Category:	Web Servers
Title:	Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Summary:	Apache Tomcat Server is running on this host and that is prone to; a security bypass vulnerability.
Description:	Summary: Apache Tomcat Server is running on this host and that is prone to a security bypass vulnerability. Vulnerability Insight: Flaw in the application is due to the synchronisation problem when checking IP addresses. This could allow user from a non permitted IP address to gain access to a context that is protected with a valve that extends RemoteFilterValve including the standard RemoteAddrValve and RemoteHostValve implementations. Vulnerability Impact: Successful attempt could lead to remote code execution and attacker can gain access to context of the filtered value. Affected Software/OS: Apache Tomcat version 4.1.x - 4.1.31, and 5.5.0. Solution: Upgrade to Apache Tomcat version 4.1.32, or 5.5.1, or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3271 1021039 http://www.securitytracker.com/id?1021039 20081009 [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure http://www.securityfocus.com/archive/1/497220/100/0/threaded 31698 http://www.securityfocus.com/bid/31698 32213 http://secunia.com/advisories/32213 32234 http://secunia.com/advisories/32234 32398 http://secunia.com/advisories/32398 35684 http://secunia.com/advisories/35684 4396 http://securityreason.com/securityalert/4396 ADV-2008-2793 http://www.vupen.com/english/advisories/2008/2793 ADV-2008-2800 http://www.vupen.com/english/advisories/2008/2800 ADV-2009-1818 http://www.vupen.com/english/advisories/2009/1818 JVN#30732239 http://jvn.jp/en/jp/JVN30732239/index.html JVNDB-2008-000069 http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000069.html SUSE-SR:2008:023 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00012.html [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/ https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/ https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E apache-tomcat-valve-security-bypass(45791) https://exchange.xforce.ibmcloud.com/vulnerabilities/45791 http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-200806e.html http://www.nec.co.jp/security-info/secinfo/nv09-006.html https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.