Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Remediation

References

CVE-2005-3164

Related Vulnerabilities

MySQL CVE-2015-4866 Vulnerability (CVE-2015-4866)

WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Request Forgery (2.57)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21729)

WordPress Plugin IzeeChat-Live Chat Cross-Site Scripting (1.0)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10003)

Severity

Low

Classification

CVE-2005-3164 CWE-200

Tags

Missing Update Known Vulnerabilities