7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.2%
Certain AJP protocol connector implementations in Apache Tomcat 7.0.0
through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly
other versions allow remote attackers to spoof AJP requests, bypass
authentication, and obtain sensitive information by causing the connector
to interpret a request body as a new request.