CVE-2005-3164

 

Published at: - 06-10-2005 12:02

Last modified: - 03-02-2022 08:39

Total changes: - 2

Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:H/Au:N/C:P/I:N/A:N

 

Verification logic

 

Reference

• http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
• JVN#79314822-VDB Entry
• 15003-Third Party Advisory, VDB Entry
• 17019-Broken Link, Vendor Advisory
• http://tomcat.apache.org/security-4.html
• http://support.apple.com/kb/HT2163
• APPLE-SA-2008-06-30-Mailing List, Third Party Advisory
• 239312-Broken Link
• 30802-Broken Link, Vendor Advisory
• 30908-Broken Link, Vendor Advisory
• 30899-Broken Link, Vendor Advisory
• ADV-2008-1979-Vendor Advisory
• ADV-2008-1981-Vendor Advisory
• [tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/-Mailing List, Third Party Advisory
• [tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/-Mailing List, Third Party Advisory
• [tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/-Mailing List, Third Party Advisory

 

Keywords

NVD

 

CVE-2005-3164

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures