Vulnerability Details : CVE-2008-0002
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
Threat overview for CVE-2008-0002
Top countries where our scanners detected CVE-2008-0002
Top open port discovered on systems with this issue
80
IPs affected by CVE-2008-0002 880
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2008-0002!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-0002
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-0002
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
References for CVE-2008-0002
-
http://securityreason.com/securityalert/3638
-
http://marc.info/?l=bugtraq&m=139344343412337&w=2
'[security bulletin] HPSBST02955 rev.1 - HP XP P9000 Performance Advisor Software, 3rd party Software' - MARC
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
[SECURITY] Fedora 8 Update: tomcat5-5.5.26-1jpp.2.fc8
-
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
VMSA-2009-0016.6
-
http://www.vupen.com/english/advisories/2009/3316
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://tomcat.apache.org/security-6.html
Apache Tomcat® - Apache Tomcat 6 vulnerabilities
-
http://security.gentoo.org/glsa/glsa-200804-10.xml
Tomcat: Multiple vulnerabilities (GLSA 200804-10) — Gentoo security
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
-
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:004 - openSUSE Security Announce - openSUSE Mailing Lists
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
[SECURITY] Fedora 7 Update: tomcat5-5.5.26-1jpp.2.fc7
-
http://www.securityfocus.com/archive/1/487812/100/0/threaded
-
http://www.vupen.com/english/advisories/2008/2780
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
-
http://www.securityfocus.com/bid/27703
-
http://www.vupen.com/english/advisories/2008/0488
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://support.apple.com/kb/HT3216
About Security Update 2008-007 - Apple Support
- http://www.securityfocus.com/bid/31681
Products affected by CVE-2008-0002
- cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*