Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2005-3164 | First vendor Publication | 2005-10-06 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19821 | Apache Tomcat Malformed Post Request Information Disclosure Apache Tomcat contains a flaw that may allow an attacker to gain access to privileged information. The issue occurs when a client specifies a Content-Length but disconnects before sending the request body. This is handled by the deprecated AJP connector by processing the request using the request body of the previous request. This may cause the server to return sensitive information. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-16 | Name : The remote Apache Tomcat server is affected by multiple vulnerabilities. File : tomcat_4_1_37.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2023-11-07 21:48:07 |
|
2022-02-04 12:02:35 |
|
2021-05-04 12:03:13 |
|
2021-04-22 01:03:30 |
|
2020-05-23 00:16:52 |
|
2019-03-25 17:18:56 |
|
2019-03-21 21:19:08 |
|
2016-04-26 13:51:18 |
|
2014-02-17 10:33:07 |
|
2013-05-11 11:32:33 |
|