Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Remediation

References

CVE-2005-3164

Related Vulnerabilities

WordPress Plugin Insert Pages Directory Traversal (3.2.3)

Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2928)

WordPress Plugin EZ Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4214)

Django Insufficiently Protected Credentials Vulnerability (CVE-2018-16984)

Severity

Low

Classification

CVE-2005-3164 CWE-200

Tags

Missing Update Known Vulnerabilities