Description
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
Remediation
References
Related Vulnerabilities
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5270)
MediaWiki Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-8004)
WordPress Plugin Justified Gallery Cross-Site Scripting (1.7.0)
WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.5)