Information Leak Vulnerability in Hitachi Cosminexus Application Server and Apache Tomcat
CVE-2005-3164

Currently unrated

Key Information:

Vendor: Hitachi
Status: Cosminexus Application Server
Vendor: CVE Published:; 6 October 2005

What is CVE-2005-3164?

The AJP connector in various versions of Apache Tomcat, as utilized by Hitachi Cosminexus Application Server, is prone to an information leak. This vulnerability arises when a connection is disrupted prior to the submission of request body data in a POST request. If inappropriate request body data is utilized, this may inadvertently lead to data exposure in subsequent requests, potentially jeopardizing the confidentiality of information, especially in Java Servlet environments.

References

http://tomcat.apache.org/security-4.html

x_refsource_CONFIRM

http://secunia.com/advisories/30908

third-party-advisoryx_refsource_SECUNIA

http://support.apple.com/kb/HT2163

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2005
Vulnerability Reserved
Oct 6, 2005