CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-3164

LOW
2.6
CVSS Severity Score
EPSS Score0.0670%
EPSS Percentile25.11th
Published2005年10月6日
Last Modified2026年4月16日

Vulnerability Description

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Affected Platforms (CPE)

📦
Hitachi

Cosminexus Application Server

= 05_00_05_05_e
📦
Hitachi

Cosminexus Application Server

= 05_00_05_05_f
📦
Hitachi

Cosminexus Application Server

= 05_00_05_05_h
📦
Hitachi

Cosminexus Application Server

= 05_00_05_05_k
📦
Apache

Tomcat

>= 4.0.1 and <= 4.0.6
📦
Apache

Tomcat

>= 4.1.0 and <= 4.1.36

References & Advisories

🔗 http://jvn.jp/jp/JVN%2379314822/index.html
🔗 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
🔗 http://secunia.com/advisories/17019
🔗 http://secunia.com/advisories/30802
🔗 http://secunia.com/advisories/30899
🔗 http://secunia.com/advisories/30908
🔗 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
🔗 http://support.apple.com/kb/HT2163

相關漏洞威脅

CVE-2007-18545.0

Unspecified vulnerability in Hitachi Cosminexus Component Container 07-00 through 07-00-10, and 07-10 through 07-10-03, as used in...

CVE-2007-45644.6

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical use...

CVE-2007-45634.4

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2E...

CVE-2005-266810.0

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before...