CVE-2008-4308

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 4.1.32 through 4.1.34 Apache Tomcat versions 5.5.10 through 5.5.20

Description The issue is related to the doRead method, which fails to return a -1 when a certain error condition occurs. This can cause Tomcat to send POST content from one request to a different request, potentially leading to the disclosure of sensitive information. For the issue to exist, the content read from the input stream must be disclosed before an ArrayIndexOutOfBoundsException occurs, which halts the processing of the request.

Recommendations For Apache Tomcat versions 4.1.32 through 4.1.34, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 5.5.10 through 5.5.20, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and ensuring that POST content is properly handled to minimize the risk of exploitation.