Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2005-3164
Last Modified 17 Oct 2011 12:00:00
Published 06 Oct 2005 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-3164

Summary

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle the case where a connection is broken before request body data is sent in a POST request. This can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Vulnerable Systems

Application

  • Apache Software Foundation Tomcat 4.1

  • Apache Software Foundation Tomcat 4.1.32

  • Apache Software Foundation Tomcat 4.1.34

  • Apache Tomcat 4.0.1

  • Apache Tomcat 4.0.2

  • Apache Tomcat 4.0.3

  • Apache Tomcat 4.0.4

  • Apache Tomcat 4.0.5

  • Apache Tomcat 4.0.6

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.12

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.36

  • Hitachi Cosminexus Application Server 05 00 05 05 E

  • Hitachi Cosminexus Application Server 05 00 05 05 F

  • Hitachi Cosminexus Application Server 05 00 05 05 H

  • Hitachi Cosminexus Application Server 05 00 05 05 K


References

VUPEN - ADV-2008-1981

VUPEN - ADV-2008-1979

BID - 15003

CONFIRM - http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html

CONFIRM - http://tomcat.apache.org/security-4.html

CONFIRM - http://support.apple.com/kb/HT2163

SUNALERT - 239312

SECUNIA - 30908

SECUNIA - 30899

SECUNIA - 30802

SECUNIA - 17019

APPLE - APPLE-SA-2008-06-30

JVN - JVN#79314822

Related Patches

Apple 2008-06-30 Security Update 2008-004 (PPC)

Apple 2008-06-30 Security Update 2008-004 Server (PPC)

Apple 2008-06-30 Security Update 2008-004 (Intel)

Apple 2008-06-30 Security Update 2008-004 Server (Intel)


Last Updated: 27 May 2016 10:40:50