Lucene search

K
osvGoogleOSV:GHSA-QHQV-Q4XG-F6G7
HistoryMay 01, 2022 - 2:15 a.m.

Apache Tomcat AJP Connector Information Leak

2022-05-0102:15:08
Google
osv.dev
5
apache tomcat
ajp connector
information leak
handling issue
post request

EPSS

0.009

Percentile

82.8%

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when β€œunsuitable request body data” is used for a different request, possibly related to Java Servlet pages.

EPSS

0.009

Percentile

82.8%