Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg

Apache Tomcat AJP Connector Information Leak

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Permalink: https://github.com/advisories/GHSA-qhqv-q4xg-f6g7
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: 8 months ago

Identifiers: GHSA-qhqv-q4xg-f6g7, CVE-2005-3164
References:

• https://nvd.nist.gov/vuln/detail/CVE-2005-3164
• https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
• http://jvn.jp/jp/JVN%2379314822/index.html
• http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
• http://support.apple.com/kb/HT2163
• http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
• https://web.archive.org/web/20051215074217/http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html
• https://web.archive.org/web/20081202183445/http://www.securityfocus.com/bid/15003
• https://github.com/advisories/GHSA-qhqv-q4xg-f6g7

Blast Radius: 0.0

Affected Packages