Description
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
Remediation
References
Related Vulnerabilities
WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)
Magento Cleartext Storage of Sensitive Information Vulnerability (CVE-2019-8118)
MySQL CVE-2016-3614 Vulnerability (CVE-2016-3614)
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1041)
Oracle Application Server Other Vulnerability (CVE-2005-1496)