CVE-2005-3164

CWE-200 — Information Exposure5 documents5 sources

Severity

2.6LOW

EPSS

3.4%

top 12.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat Hitachi Cosminexus Application Server

Timeline

PublishedOct 6

Latest updateMay 1

Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶NVDhitachi/cosminexus_application_server4 versions+3

▶NVDapache/tomcat4.0.1 — 4.0.6+1

▶Mavenorg.apache.tomcat:tomcat4.0.1 — 4.0.6+1

🔴Vulnerability Details

OSV

Apache Tomcat AJP Connector Information Leak↗2022-05-01

▶

GHSA

Apache Tomcat AJP Connector Information Leak↗2022-05-01

▶

CVEList

CVE-2005-3164: The AJP connector in Apache Tomcat 4↗2005-10-06

▶

💬Community

Bugzilla

A number of tomcat issues↗2007-05-09

▶