Description
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Remediation
References
http://www.securityfocus.com/bid/49353
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
http://secunia.com/advisories/45748
http://www.securitytracker.com/id?1025993
http://securityreason.com/securityalert/8362
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
http://www.debian.org/security/2012/dsa-2401
http://secunia.com/advisories/49094
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://marc.info/?l=bugtraq&m=133469267822771&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
http://secunia.com/advisories/48308
http://www.securityfocus.com/archive/1/519466/100/0/threaded
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E