Description
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
Remediation
References
Related Vulnerabilities
Elementor Website Builder Cross-Site Scripting (2.9.8)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)
Joomla! Core 3.x.x SQL Injection (3.1.0 - 3.2.2)
WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0060)