Intrusion Prevention

Apache.Tomcat.RequestDispatcher.Information.Disclosure

Description

This indicates an attempt to exploit an information-disclosure vulnerability in Apache Tomcat.
The vulnerability is a result of the application's failure to validate user input before processing HTTP requests. As a result, a remote attacker can send a crafted request to obtain the sensitive information on the server.

Affected Products

Apache Tomcat 4.x, 5.x, 6.x

Impact

Information Disclosure.

Recommended Actions

Apply the latest update from the vendor.
http://mirror.atlanticmetro.net/apache/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz

CVE References

CVE-2008-5515 CVE-2008-2370