Description
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
Remediation
References