CVE-2008-3271

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2008-3271 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Mark Thomas.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2008-3271

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Tomcat versions 4.1.0 up to 4.1.31
* Tomcat version 5.5.0

Immune Systems:
* Tomcat version 6.0.x
* Tomcat version 4.1.32
* Tomcat version 5.5.1

Example:
This has only been reproduced using a debugger to force a particular processing sequence across two threads.
1. Set a breakpoint right after the place where a value is to be entered in the instance variable of regexp (search:org.apache.regexp.CharacterIterator).

2. Send a request from the IP address* which is not permitted. (stopped at the breakpoint)

*About the IP address which is not permitted. The character strings length of the IP address which is set in RemoteAddrValve must be same.

3. Send a request from the IP address which was set in RemoteAddrValve. (stopped at the breakpoint)

In this way, the instance variable is to be overwritten here.

4. Resume the thread which is processing the step 2 above.

5. The request from the not permitted IP address will succeed.

CVE Information:
CVE-2008-3271

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus