Lucene search

K
nvd[email protected]NVD:CVE-2005-3164
HistoryOct 06, 2005 - 10:02 a.m.

CVE-2005-3164

2005-10-0610:02:00
CWE-200
web.nvd.nist.gov

7.5 High

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.8%

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when β€œunsuitable request body data” is used for a different request, possibly related to Java Servlet pages.

Affected configurations

NVD
Node
hitachicosminexus_application_serverMatch05_00_05_05_e
OR
hitachicosminexus_application_serverMatch05_00_05_05_f
OR
hitachicosminexus_application_serverMatch05_00_05_05_h
OR
hitachicosminexus_application_serverMatch05_00_05_05_k
Node
apachetomcatRange4.0.1–4.0.6
OR
apachetomcatRange4.1.0–4.1.36

References

7.5 High

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.8%