Vulnerability Name:

CVE-2005-3164 (CCN-22506)

Assigned:2005-10-03
Published:2005-10-03
Updated:2022-02-03
Summary:The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-3164

Source: JVN
Type: VDB Entry
JVN#79314822

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2008-06-30

Source: CCN
Type: SA17019
Hitachi Cosminexus Request Body Disclosure of Personal Information

Source: SECUNIA
Type: Broken Link, Vendor Advisory
17019

Source: CCN
Type: SA30802
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link, Vendor Advisory
30802

Source: CCN
Type: SA30899
Sun Solaris 9 Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link, Vendor Advisory
30899

Source: CCN
Type: SA30908
Sun Solaris 10 Tomcat Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link, Vendor Advisory
30908

Source: SUNALERT
Type: Broken Link
239312

Source: CCN
Type: Sun Alert ID: 239312
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT2163

Source: CCN
Type: ASA-2008-293
Security Vulnerabilities in Tomcat 4.0 Shipped with Solaris 9 and 10 (Sun 239312)

Source: CONFIRM
Type: Vendor Advisory
http://tomcat.apache.org/security-4.html

Source: CCN
Type: Hitachi Vulnerability Information HS05-019-01
Solution for Cosminexus Application Server

Source: CONFIRM
Type: Third Party Advisory
http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html

Source: CCN
Type: Cosminexus Web site
HITACHI : Cosminexus

Source: CCN
Type: OSVDB ID: 19821
Apache Tomcat Malformed Post Request Information Disclosure

Source: BID
Type: Third Party Advisory, VDB Entry
15003

Source: CCN
Type: BID-15003
Hitachi Cosminexus Remote Information Disclosure Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1979

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1981

Source: XF
Type: UNKNOWN
cosminexus-http-post-information-disclosure(22506)

Source: MLIST
Type: Mailing List, Third Party Advisory
[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

Source: MLIST
Type: Mailing List, Third Party Advisory
[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Source: MLIST
Type: Mailing List, Third Party Advisory
[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/

Source: CCN
Type: IBM Security Bulletin 6858013 (Tivoli Application Dependency Discovery Manager)
TADDM affected by multiple vulnerabilities due to Apache Tomcat libraries

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hitachi:cosminexus_application_server:05_00_05_05_e:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server:05_00_05_05_f:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server:05_00_05_05_h:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server:05_00_05_05_k:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 4.0.1 and <= 4.0.6)
  • OR cpe:/a:apache:tomcat:*:*:*:*:*:*:*:* (Version >= 4.1.0 and <= 4.1.36)

Configuration CCN 1:
  • cpe:/a:hitachi:cosminexus_application_server:5:*:*:*:*:*:*:*
  • OR cpe:/a:hitachi:cosminexus_application_server:6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    hitachi cosminexus application server 05_00_05_05_e
    hitachi cosminexus application server 05_00_05_05_f
    hitachi cosminexus application server 05_00_05_05_h
    hitachi cosminexus application server 05_00_05_05_k
    apache tomcat *
    apache tomcat *
    hitachi cosminexus application server 5
    hitachi cosminexus application server 6
    sun solaris 9
    microsoft windows 2003_server
    sun solaris 10
    sun solaris 10
    sun solaris 9
    ibm tivoli application dependency discovery manager 7.3.0.0