CVE-2005-3164
Published Oct 6, 2005
Last updated a year ago
Overview
- Description
- The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_e:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EEFDA7F0-F0F4-4BAC-9C5C-0026B50C38FC"
},
{
"criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_f:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA803316-5DD9-49CC-AD3F-04A8CEE97097"
},
{
"criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_h:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33D14CFB-DADC-4983-8EF8-11D8741636F1"
},
{
"criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_k:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "299CE786-2211-418F-B63B-0FDF458C345B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF3E6EBD-6EC0-4A43-BFCE-440182124A54",
"versionEndIncluding": "4.0.6",
"versionStartIncluding": "4.0.1"
},
{
"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E458C818-F9FA-4D48-8D70-D284138BB7F8",
"versionEndIncluding": "4.1.36",
"versionStartIncluding": "4.1.0"
}
],
"operator": "OR"
}
]
}
]