2.6

CVE-2005-3164

EPSS 3.39%
Published 06.10.2005 10:02:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Affected products Warnungen 0 Metrics 2 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Hitachi ≫ Cosminexus Application Server Version05_00_05_05_e

Hitachi ≫ Cosminexus Application Server Version05_00_05_05_f

Hitachi ≫ Cosminexus Application Server Version05_00_05_05_h

Hitachi ≫ Cosminexus Application Server Version05_00_05_05_k

Apache ≫ Tomcat Version >= 4.0.1 <= 4.0.6

Apache ≫ Tomcat Version >= 4.1.0 <= 4.1.36

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.39%	0.862

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

http://tomcat.apache.org/security-4.html

Vendor Advisory

http://secunia.com/advisories/30899

Vendor Advisory

Broken Link

http://secunia.com/advisories/30908

Vendor Advisory

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1

Broken Link

http://www.vupen.com/english/advisories/2008/1979/references

Vendor Advisory

http://jvn.jp/jp/JVN%2379314822/index.html

VDB Entry

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/17019

Vendor Advisory

Broken Link

http://secunia.com/advisories/30802

Vendor Advisory

Broken Link

http://support.apple.com/kb/HT2163

Third Party Advisory

http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html

Third Party Advisory

http://www.securityfocus.com/bid/15003

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2008/1981/references

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2005-3164

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3164

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3164

EUVD