CVE-2005-3164 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=4.0.1 <=4.0.6 || >=4.1.0 <=4.1.36
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.03388 (percentile: 0.86933)
Details
Apache Tomcat AJP Connector Information Leak
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle a connection that is broken before request body data is sent in a POST request. This can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
Metadata
Created: 2022-05-01T02:15:08Z
Modified: 2023-09-18T23:43:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qhqv-q4xg-f6g7/GHSA-qhqv-q4xg-f6g7.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-qhqv-q4xg-f6g7
Finding: F017
Auto approve: 1