AJP Connector Information Leak Vulnerability

AJP Connector Information Leak Vulnerability

CVE-2005-3164 · LOW Severity

AV:N/AC:H/AU:N/C:P/I:N/A:N

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

Learn more about our Cis Benchmark Audit For Apache Http Server.