Description
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
Remediation
References
http://marc.info/?l=bugtraq&m=132215163318824&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/45748
http://secunia.com/advisories/48308
http://secunia.com/advisories/49094
http://secunia.com/advisories/57126
http://securityreason.com/securityalert/8362
http://www.debian.org/security/2012/dsa-2401
http://www.mandriva.com/security/advisories?name=MDVSA-2011:156
http://www.securityfocus.com/archive/1/519466/100/0/threaded
http://www.securityfocus.com/bid/49353
http://www.securitytracker.com/id?1025993
https://exchange.xforce.ibmcloud.com/vulnerabilities/69472
https://issues.apache.org/bugzilla/show_bug.cgi?id=51698
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19465
Related Vulnerabilities
CVE-2015-0250 Vulnerability in maven package org.apache.xmlgraphics:batik-dom
CVE-2022-34169 Vulnerability in maven package xalan:xalan
CVE-2023-35141 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_sjs1_2.13
CVE-2018-1999025 Vulnerability in maven package de.tracetronic.jenkins.plugins:ecutest