Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Remediation

References

CVE-2005-3164

Related Vulnerabilities

WordPress Plugin WP Job Manager Privilege Escalation (1.34.3)

Dotclear Other Vulnerability (CVE-2014-3782)

Apache Tomcat Incorrect Authorization Vulnerability (CVE-2016-6797)

WordPress Plugin MasterStudy LMS-for Online Courses and Education SQL Injection (3.2.5)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.0)

Severity

Low

Classification

CVE-2005-3164 CWE-200

Tags

Missing Update Known Vulnerabilities