Description
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
Remediation
References
Related Vulnerabilities
WordPress Plugin Comments-wpDiscuz Cross-Site Request Forgery (3.2.8)
Python Improper Input Validation Vulnerability (CVE-2018-20852)
WordPress Plugin WP Affiliate Platform Multiple Vulnerabilities (6.3.9)
CubeCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3724)
Atlassian Jira CVE-2021-39121 Vulnerability (CVE-2021-39121)