Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Remediation

References

CVE-2005-3164

Related Vulnerabilities

Jenkins Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3666)

Apache Tomcat Other Vulnerability (CVE-2005-3510)

WordPress Plugin Share Posts To Email Cross-Site Scripting (1.0.2)

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.9.7)

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3785)

Severity

Low

Classification

CVE-2005-3164 CWE-200

Tags

Missing Update Known Vulnerabilities