Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg
Apache Tomcat AJP Connector Information Leak
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
Permalink: https://github.com/advisories/GHSA-qhqv-q4xg-f6g7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
EPSS Percentage: 0.00903
EPSS Percentile: 0.83021
Identifiers: GHSA-qhqv-q4xg-f6g7, CVE-2005-3164
References:
- https://nvd.nist.gov/vuln/detail/CVE-2005-3164
- https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
- http://jvn.jp/jp/JVN%2379314822/index.html
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
- http://support.apple.com/kb/HT2163
- http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
- https://web.archive.org/web/20051215074217/http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
- https://web.archive.org/web/20081202183445/http://www.securityfocus.com/bid/15003
- https://github.com/advisories/GHSA-qhqv-q4xg-f6g7
Affected Packages
maven:org.apache.tomcat:tomcat
Dependent packages: 30
Dependent repositories: 438
Downloads:
Affected Version Ranges: >= 4.1.0, <= 4.1.36, >= 4.0.1, <= 4.0.6
No known fixed version
All affected versions: