{
  "threat_severity" : "Low",
  "public_date" : "2008-10-09T00:00:00Z",
  "bugzilla" : {
    "description" : "tomcat  RemoteFilterValve Information disclosure",
    "id" : "466875",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
  },
  "details" : [ "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Network Satellite Server v 5.0",
    "release_date" : "2008-12-08T00:00:00Z",
    "advisory" : "RHSA-2008:1007",
    "cpe" : "cpe:/a:redhat:network_satellite:5.0:el4",
    "package" : "tomcat5-0:5.0.30-0jpp_12rh"
  }, {
    "product_name" : "Red Hat Network Satellite Server v 5.1",
    "release_date" : "2008-12-08T00:00:00Z",
    "advisory" : "RHSA-2008:1007",
    "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4",
    "package" : "tomcat5-0:5.0.30-0jpp_12rh"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2008-3271\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-3271" ],
  "name" : "CVE-2008-3271",
  "csaw" : false
}