Vulnerability details: VCID-z2f7-s672-aaan
Vulnerability ID VCID-z2f7-s672-aaan
Aliases CVE-2008-0002
GHSA-5x5f-9r6q-q7mh
Summary CVE-2008-0002 Tomcat information disclosure vulnerability
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
cvssv3.1 5.3 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
cvssv3.1 7.5 http://marc.info/?l=bugtraq&m=139344343412337&w=2
generic_textual MODERATE http://marc.info/?l=bugtraq&m=139344343412337&w=2
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0151
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0158
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0213
epss 0.00175 https://api.first.org/data/v1/epss?cve=CVE-2008-0002
epss 0.00201 https://api.first.org/data/v1/epss?cve=CVE-2008-0002
epss 0.00462 https://api.first.org/data/v1/epss?cve=CVE-2008-0002
epss 0.04097 https://api.first.org/data/v1/epss?cve=CVE-2008-0002
epss 0.06644 https://api.first.org/data/v1/epss?cve=CVE-2008-0002
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=432327
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002
generic_textual MODERATE http://secunia.com/advisories/28915
generic_textual MODERATE http://secunia.com/advisories/29711
generic_textual MODERATE http://secunia.com/advisories/32222
cvssv3.1 4.2 http://secunia.com/advisories/37460
generic_textual MODERATE http://secunia.com/advisories/37460
generic_textual MODERATE http://secunia.com/advisories/57126
generic_textual MODERATE http://security.gentoo.org/glsa/glsa-200804-10.xml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-5x5f-9r6q-q7mh
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2008-0002
generic_textual MODERATE http://support.apple.com/kb/HT3216
generic_textual MODERATE https://web.archive.org/web/20080214133036/http://secunia.com/advisories/28915
generic_textual MODERATE https://web.archive.org/web/20080715062302/http://secunia.com/advisories/29711
generic_textual MODERATE https://web.archive.org/web/20080724052339/http://secunia.com/advisories/28834
generic_textual MODERATE https://web.archive.org/web/20081012021650/http://www.securityfocus.com/bid/27703
generic_textual MODERATE https://web.archive.org/web/20081013050642/http://secunia.com/advisories/32222
generic_textual MODERATE https://web.archive.org/web/20081120062646/http://securityreason.com/securityalert/3638
generic_textual MODERATE https://web.archive.org/web/20081121133027/http://www.securityfocus.com/archive/1/487812/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20091125140215/http://secunia.com/advisories/37460
generic_textual MODERATE https://web.archive.org/web/20120825080137/http://www.securityfocus.com/bid/31681
generic_textual MODERATE https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
generic_textual MODERATE https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
generic_textual MODERATE https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
cvssv3.1 4.2 http://www.securityfocus.com/archive/1/507985/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/archive/1/507985/100/0/threaded
generic_textual MODERATE http://www.securityfocus.com/bid/31681
cvssv3.1 4.2 http://www.vmware.com/security/advisories/VMSA-2009-0016.html
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2009-0016.html
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/0488
generic_textual MODERATE http://www.vupen.com/english/advisories/2008/2780
cvssv3.1 4.2 http://www.vupen.com/english/advisories/2009/3316
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/3316
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0002.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0002
http://secunia.com/advisories/28834
http://secunia.com/advisories/28915
http://secunia.com/advisories/29711
http://secunia.com/advisories/32222
http://secunia.com/advisories/37460
http://secunia.com/advisories/57126
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://securityreason.com/securityalert/3638
https://github.com/apache/tomcat
http://support.apple.com/kb/HT3216
https://web.archive.org/web/20080214133036/http://secunia.com/advisories/28915
https://web.archive.org/web/20080715062302/http://secunia.com/advisories/29711
https://web.archive.org/web/20080724052339/http://secunia.com/advisories/28834
https://web.archive.org/web/20081012021650/http://www.securityfocus.com/bid/27703
https://web.archive.org/web/20081013050642/http://secunia.com/advisories/32222
https://web.archive.org/web/20081120062646/http://securityreason.com/securityalert/3638
https://web.archive.org/web/20081121133027/http://www.securityfocus.com/archive/1/487812/100/0/threaded
https://web.archive.org/web/20091125140215/http://secunia.com/advisories/37460
https://web.archive.org/web/20120825080137/http://www.securityfocus.com/bid/31681
https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126
https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
http://tomcat.apache.org/security-6.html
http://www.securityfocus.com/archive/1/487812/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/27703
http://www.securityfocus.com/bid/31681
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2008/0488
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2009/3316
432327 https://bugzilla.redhat.com/show_bug.cgi?id=432327
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
CVE-2008-0002 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002
CVE-2008-0002 https://nvd.nist.gov/vuln/detail/CVE-2008-0002
GHSA-5x5f-9r6q-q7mh https://github.com/advisories/GHSA-5x5f-9r6q-q7mh
GLSA-200804-10 https://security.gentoo.org/glsa/200804-10
RHSA-2008:0151 https://access.redhat.com/errata/RHSA-2008:0151
RHSA-2008:0158 https://access.redhat.com/errata/RHSA-2008:0158
RHSA-2008:0213 https://access.redhat.com/errata/RHSA-2008:0213
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://marc.info/?l=bugtraq&m=139344343412337&w=2
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://secunia.com/advisories/37460
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0002
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://www.securityfocus.com/archive/1/507985/100/0/threaded
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L Found at http://www.vupen.com/english/advisories/2009/3316
Exploit Prediction Scoring System (EPSS)
Percentile 0.55557
EPSS Score 0.00175
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.