WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-3164)

Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Remediation

References

Related Vulnerabilities

WordPress Plugin Contact Form 7 Multi-Step Forms Security Bypass (3.0.8)

WordPress Plugin Stylish Price List Security Bypass (6.9.0)

WordPress Plugin Paid Memberships Pro-Content Restriction, User Registration, & Paid Subscriptions SQL Injection (2.9.11)

WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)

WordPress Plugin WP User Switch Security Bypass (1.0.2)

Severity

Low

Classification

CVE-2005-3164 CWE-200

Tags

Missing Update Known Vulnerabilities