CVE-2005-3164

Published Oct 6, 2005

Last updated 6 hours ago

CVSS info 2.6

Overview

Description: The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_e:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEFDA7F0-F0F4-4BAC-9C5C-0026B50C38FC"
          },
          {
            "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_f:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA803316-5DD9-49CC-AD3F-04A8CEE97097"
          },
          {
            "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_h:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33D14CFB-DADC-4983-8EF8-11D8741636F1"
          },
          {
            "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_k:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "299CE786-2211-418F-B63B-0FDF458C345B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF3E6EBD-6EC0-4A43-BFCE-440182124A54",
            "versionEndIncluding": "4.0.6",
            "versionStartIncluding": "4.0.1"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E458C818-F9FA-4D48-8D70-D284138BB7F8",
            "versionEndIncluding": "4.1.36",
            "versionStartIncluding": "4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References