Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg

Apache Tomcat AJP Connector Information Leak

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle a connection that is broken before request body data is sent in a POST request. This can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Permalink: https://github.com/advisories/GHSA-qhqv-q4xg-f6g7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: about 1 year ago


EPSS Percentage: 0.00903
EPSS Percentile: 0.83021

Identifiers: GHSA-qhqv-q4xg-f6g7, CVE-2005-3164
References:
Blast Radius: 0.0

Affected Packages

maven:org.apache.tomcat:tomcat
Dependent packages: 30
Dependent repositories: 438
Downloads:
Affected Version Ranges: >= 4.1.0, <= 4.1.36; >= 4.0.1, <= 4.0.6
No known fixed version
All affected versions: