Apache Tomcat Permissions Privileges and Access Controls Vulnerability - CVE-2008-3271

Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread leading to an instance-variable overwrite associated with a quotsynchronization problemquot and lack of thread safety and related to RemoteFilterValve RemoteAddrValve and RemoteHostValve.