Information disclosure in Apache Tomcat

CVE-2005-3164

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a PO…

Vulnerability class: Information Disclosure

EPSS: 0.065 (92.9th percentile) — read the EPSS interpretation.

Affected products

Apache Tomcat
Hitachi Cosminexus_application_server — versions 05_00_05_05_e, 05_00_05_05_f, 05_00_05_05_h
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_SECUNIA, Broken Link, Vendor Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, x_refsource_SUNALERT, Broken Link)
cve@mitre.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_SECUNIA, Broken Link, Vendor Advisory, third-party-advisory)
cve@mitre.org (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_SECUNIA, Broken Link, Vendor Advisory, third-party-advisory)
cve@mitre.org (vendor-advisory, x_refsource_APPLE, Mailing List, Third Party Advisory)