cvelistv5 - cve-2005-3164

CVE-2005-3164 (GCVE-0-2005-3164)

Vulnerability from cvelistv5

Published

2005-10-06 04:00

Modified

2024-08-07 23:01

Severity ?

CWE

Summary

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

References

URL

Tags

cve@mitre.org	http://jvn.jp/jp/JVN%2379314822/index.html	VDB Entry
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	Mailing List, Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/17019	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30802	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30899	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30908	Broken Link, Vendor Advisory
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	Broken Link
cve@mitre.org	http://support.apple.com/kb/HT2163	Third Party Advisory
cve@mitre.org	http://tomcat.apache.org/security-4.html	Vendor Advisory
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/15003	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1979/references	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1981/references	Vendor Advisory
cve@mitre.org	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/jp/JVN%2379314822/index.html	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17019	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30802	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30899	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30908	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2163	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-4.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15003	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1979/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1981/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:01:58.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "15003",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15003"
          },
          {
            "name": "239312",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "ADV-2008-1981",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "30899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "ADV-2008-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "17019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17019"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "30802",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "JVN#79314822",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:07:46",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "30908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30908"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT2163"
        },
        {
          "name": "15003",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15003"
        },
        {
          "name": "239312",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
        },
        {
          "name": "ADV-2008-1981",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1981/references"
        },
        {
          "name": "30899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30899"
        },
        {
          "name": "ADV-2008-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1979/references"
        },
        {
          "name": "17019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17019"
        },
        {
          "name": "APPLE-SA-2008-06-30",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
        },
        {
          "name": "30802",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30802"
        },
        {
          "name": "JVN#79314822",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "15003",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15003"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "17019",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17019"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "JVN#79314822",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
            },
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3164",
    "datePublished": "2005-10-06T04:00:00",
    "dateReserved": "2005-10-06T00:00:00",
    "dateUpdated": "2024-08-07T23:01:58.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-3164\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-10-06T10:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \\\"unsuitable request body data\\\" is used for a different request, possibly related to Java Servlet pages.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEFDA7F0-F0F4-4BAC-9C5C-0026B50C38FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA803316-5DD9-49CC-AD3F-04A8CEE97097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_h:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33D14CFB-DADC-4983-8EF8-11D8741636F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_k:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"299CE786-2211-418F-B63B-0FDF458C345B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.1\",\"versionEndIncluding\":\"4.0.6\",\"matchCriteriaId\":\"FF3E6EBD-6EC0-4A43-BFCE-440182124A54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndIncluding\":\"4.1.36\",\"matchCriteriaId\":\"E458C818-F9FA-4D48-8D70-D284138BB7F8\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/jp/JVN%2379314822/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/17019\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30802\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30899\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30908\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT2163\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/15003\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1979/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1981/references\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://jvn.jp/jp/JVN%2379314822/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/17019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30802\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30899\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://support.apple.com/kb/HT2163\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/15003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1979/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2008/1981/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2008-AVI-343

Vulnerability from certfr_avis

Plusieurs vulnérablités concernant le système d'exploitation Apple Mac OS X ont été corrigées.

Description

Plusieurs vulnérablités ont été corrigées :

Alias Manager : un alias spécifiquement créé permet l'exécution de code arbitraire ;
CoresTypes : des contenus incertains peuvent être ouverts automatiquement ;
c++filt : une chaine de caratères spécifiquement créée permet l'exécution de code arbitraire ;
Dock : une personne ayant physiquement accès à la machine peut contourner l'écran de verrouillage ;
Launch Services : du code malveillant peut être exécuté via un site Web malveillant ;
Net-SNMP : il est possible de contrefaire un paquet SNMPv3 ;
Ruby : une chaine de caractères ou un tableau spécifiquement créé permet l'exécution de code arbitraire ;
SMB File Server : une trame SMB spécialement réalisée permet l'exécution de code arbitraire ;
System Configuration : un utilisateur local peut exécuter du code arbitraire avec les droits de nouveaux utilisateurs ;
Tomcat : plusieurs vulnérabilités affectent le logiciel dont une permettant des attaques de type Cross Site Scripting ;
VPN : un attaquant peut réaliser un déni de service à distance à l'aide de paquets UDP spécifiquement créés ;
Webkit : du code malveillant peut être exécuté via un site Web malveillant.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple Mac OS X versions v10.5.3 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Mise à jour de sécurité Apple 2008-004 du 30 juin 2008	None	vendor-advisory
Bulletin de sécurité Apple 2008-004 du 30 juin 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eApple Mac OS X versions v10.5.3 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rablit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es :\n\n-   Alias Manager : un alias sp\u00e9cifiquement cr\u00e9\u00e9 permet l\u0027ex\u00e9cution de\n    code arbitraire ;\n-   CoresTypes : des contenus incertains peuvent \u00eatre ouverts\n    automatiquement ;\n-   c++filt : une chaine de carat\u00e8res sp\u00e9cifiquement cr\u00e9\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire ;\n-   Dock : une personne ayant physiquement acc\u00e8s \u00e0 la machine peut\n    contourner l\u0027\u00e9cran de verrouillage ;\n-   Launch Services : du code malveillant peut \u00eatre ex\u00e9cut\u00e9 via un site\n    Web malveillant ;\n-   Net-SNMP : il est possible de contrefaire un paquet SNMPv3 ;\n-   Ruby : une chaine de caract\u00e8res ou un tableau sp\u00e9cifiquement cr\u00e9\u00e9\n    permet l\u0027ex\u00e9cution de code arbitraire ;\n-   SMB File Server : une trame SMB sp\u00e9cialement r\u00e9alis\u00e9e permet\n    l\u0027ex\u00e9cution de code arbitraire ;\n-   System Configuration : un utilisateur local peut ex\u00e9cuter du code\n    arbitraire avec les droits de nouveaux utilisateurs ;\n-   Tomcat : plusieurs vuln\u00e9rabilit\u00e9s affectent le logiciel dont une\n    permettant des attaques de type Cross Site Scripting ;\n-   VPN : un attaquant peut r\u00e9aliser un d\u00e9ni de service \u00e0 distance \u00e0\n    l\u0027aide de paquets UDP sp\u00e9cifiquement cr\u00e9\u00e9s ;\n-   Webkit : du code malveillant peut \u00eatre ex\u00e9cut\u00e9 via un site Web\n    malveillant.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2663"
    },
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2008-2309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2309"
    },
    {
      "name": "CVE-2008-2725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2725"
    },
    {
      "name": "CVE-2008-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2313"
    },
    {
      "name": "CVE-2008-1145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1145"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2311"
    },
    {
      "name": "CVE-2007-3382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
    },
    {
      "name": "CVE-2007-3383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3383"
    },
    {
      "name": "CVE-2008-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1105"
    },
    {
      "name": "CVE-2005-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3164"
    },
    {
      "name": "CVE-2008-0960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0960"
    },
    {
      "name": "CVE-2008-2664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2664"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2007-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    },
    {
      "name": "CVE-2008-2726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2726"
    },
    {
      "name": "CVE-2008-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2314"
    },
    {
      "name": "CVE-2008-2662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2662"
    },
    {
      "name": "CVE-2008-2307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2307"
    },
    {
      "name": "CVE-2008-2308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2308"
    },
    {
      "name": "CVE-2007-6276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6276"
    },
    {
      "name": "CVE-2007-3385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
    },
    {
      "name": "CVE-2008-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2310"
    }
  ],
  "initial_release_date": "2008-07-02T00:00:00",
  "last_revision_date": "2008-07-02T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2008-004 du 30 juin 2008 :",
      "url": "http://support.apple.com/kb/HT2163"
    }
  ],
  "reference": "CERTA-2008-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rablit\u00e9s concernant le syst\u00e8me d\u0027exploitation Apple Mac\nOS X ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Apple 2008-004 du 30 juin 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-349

Vulnerability from certfr_avis

Plusieurs vulnérabilités de Sun Solaris permettent à une personne malintentionnée d'effectuer, entre autres, un déni de service à distance.

Description

De multiples vulnérabilités non documentées du serveur Tomcat de Sun Solaris permettent à une personne malveillante d'effectuer un déni de service à distance, un courtournement de la politique de sécurité, une atteinte à la confidentialité des données ou une injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Sun Solaris 10.
	N/A	N/A	Sun Solaris 9 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Sun Solaris #239312 du 30 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sun Solaris 10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Solaris 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s non document\u00e9es du serveur Tomcat de Sun\nSolaris permettent \u00e0 une personne malveillante d\u0027effectuer un d\u00e9ni de\nservice \u00e0 distance, un courtournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou une injection de code\nindirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2002-2006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-2006"
    },
    {
      "name": "CVE-2002-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-1394"
    },
    {
      "name": "CVE-2005-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3164"
    },
    {
      "name": "CVE-2002-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-1148"
    },
    {
      "name": "CVE-2005-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
    },
    {
      "name": "CVE-2006-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
    },
    {
      "name": "CVE-2003-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0866"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    }
  ],
  "initial_release_date": "2008-07-04T00:00:00",
  "last_revision_date": "2008-07-04T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-349",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eSun Solaris\u003c/span\u003e\npermettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer, entre autres, un\nd\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sun Solaris",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #239312 du 30 juin 2008",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
    }
  ]
}

gsd-2005-3164

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2005-3164

Aliases

CVE-2005-3164

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3164",
    "description": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages.",
    "id": "GSD-2005-3164"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3164"
      ],
      "details": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages.",
      "id": "GSD-2005-3164",
      "modified": "2023-12-13T01:20:12.154300Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3164",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tomcat.apache.org/security-4.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "http://support.apple.com/kb/HT2163",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT2163"
          },
          {
            "name": "15003",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15003"
          },
          {
            "name": "239312",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "ADV-2008-1981",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1981/references"
          },
          {
            "name": "30899",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "ADV-2008-1979",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "17019",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17019"
          },
          {
            "name": "APPLE-SA-2008-06-30",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
          },
          {
            "name": "30802",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30802"
          },
          {
            "name": "JVN#79314822",
            "refsource": "JVN",
            "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
          },
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.6",
                "versionStartIncluding": "4.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.1.36",
                "versionStartIncluding": "4.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3164"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
            },
            {
              "name": "JVN#79314822",
              "refsource": "JVN",
              "tags": [
                "VDB Entry"
              ],
              "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
            },
            {
              "name": "15003",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/15003"
            },
            {
              "name": "17019",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17019"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "http://support.apple.com/kb/HT2163",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://support.apple.com/kb/HT2163"
            },
            {
              "name": "APPLE-SA-2008-06-30",
              "refsource": "APPLE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "tags": [
                "Broken Link"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "30802",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30802"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "ADV-2008-1981",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1981/references"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-02-03T19:39Z",
      "publishedDate": "2005-10-06T10:02Z"
    }
  }
}

ghsa-qhqv-q4xg-f6g7

Vulnerability from github

Published

2022-05-01 02:15

Modified

2023-09-18 23:43

Summary

Apache Tomcat AJP Connector Information Leak

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.1"
            },
            {
              "last_affected": "4.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "last_affected": "4.1.36"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2005-3164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-18T23:43:12Z",
    "nvd_published_at": "2005-10-06T10:02:00Z",
    "severity": "LOW"
  },
  "details": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages.",
  "id": "GHSA-qhqv-q4xg-f6g7",
  "modified": "2023-09-18T23:43:12Z",
  "published": "2022-05-01T02:15:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3164"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20051215074217/http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20081202183445/http://www.securityfocus.com/bid/15003"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Tomcat AJP Connector Information Leak"
}

fkie_cve-2005-3164

Vulnerability from fkie_nvd

Published

2005-10-06 10:02

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://jvn.jp/jp/JVN%2379314822/index.html	VDB Entry
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	Mailing List, Third Party Advisory
cve@mitre.org	http://secunia.com/advisories/17019	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30802	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30899	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30908	Broken Link, Vendor Advisory
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	Broken Link
cve@mitre.org	http://support.apple.com/kb/HT2163	Third Party Advisory
cve@mitre.org	http://tomcat.apache.org/security-4.html	Vendor Advisory
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/15003	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1979/references	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1981/references	Vendor Advisory
cve@mitre.org	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/jp/JVN%2379314822/index.html	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17019	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30802	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30899	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30908	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT2163	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-4.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15003	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1979/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1981/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

Vendor	Product	Version
hitachi	cosminexus_application_server	05_00_05_05_e
hitachi	cosminexus_application_server	05_00_05_05_f
hitachi	cosminexus_application_server	05_00_05_05_h
hitachi	cosminexus_application_server	05_00_05_05_k
apache	tomcat	*
apache	tomcat	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_e:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFDA7F0-F0F4-4BAC-9C5C-0026B50C38FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_f:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA803316-5DD9-49CC-AD3F-04A8CEE97097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_h:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D14CFB-DADC-4983-8EF8-11D8741636F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_k:*:*:*:*:*:*:*",
              "matchCriteriaId": "299CE786-2211-418F-B63B-0FDF458C345B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF3E6EBD-6EC0-4A43-BFCE-440182124A54",
              "versionEndIncluding": "4.0.6",
              "versionStartIncluding": "4.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E458C818-F9FA-4D48-8D70-D284138BB7F8",
              "versionEndIncluding": "4.1.36",
              "versionStartIncluding": "4.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when \"unsuitable request body data\" is used for a different request, possibly related to Java Servlet pages."
    }
  ],
  "id": "CVE-2005-3164",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-06T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry"
      ],
      "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17019"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/15003"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "http://jvn.jp/jp/JVN%2379314822/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17019"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30802"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://support.apple.com/kb/HT2163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-019_e/01-e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/15003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1981/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2005-3164

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2008-07-07 18:04

Severity ?

() - -

Summary

Tomcat vulnerable in request processing

Details

Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests. To avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat supports Coyote JK Connector and Coyote HTTP/1.1 Connector.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN79314822/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3164
	SECUNIA	http://secunia.com/advisories/17019
	BID	http://www.securityfocus.com/bid/15003
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Apache Software Foundation	Apache Tomcat
	FUJITSU	Campusmate/Portal
	FUJITSU	Internet Navigware Server
	FUJITSU	Interstage Application Framework Suite
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Job Workload Server
	FUJITSU	Interstage List Manager
	Hitachi, Ltd	Cosminexus Application Server
	Hitachi, Ltd	Cosminexus Developer
	Hitachi, Ltd	Cosminexus Primary Server
	Hitachi, Ltd	Embedded Cosminexus Server
	NEC Corporation	WebOTX Application Server
	NEC Corporation	WebSAM SystemManager
	NEC Corporation	Spectral Wave Manager Series
	Apple Inc.	Apple Mac OS X
	Apple Inc.	Apple Mac OS X Server
	Cybertrust Japan Co., Ltd.	Asianux Server
	Sun Microsystems, Inc.	Sun Solaris

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000804.html",
  "dc:date": "2008-07-07T18:04+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-07-07T18:04+09:00",
  "description": "Apache Tomcat, an implementation of the Java Servlet and JavaServer Pages technologies, contains a vulnerability in processing specific requests.\r\n\r\nTo avoid this vulnerability, use the connectors other than AJP 1.3 Connector when connecting Apache Tomcat to a web server. Apache Tomcat supports Coyote JK Connector and Coyote HTTP/1.1 Connector.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000804.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:campusmate_portal",
      "@product": "Campusmate/Portal",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:internet_navigware_server",
      "@product": "Internet Navigware Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_list_manager",
      "@product": "Interstage List Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server",
      "@product": "Cosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer",
      "@product": "Cosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_primary_server",
      "@product": "Cosminexus Primary Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:embedded_cosminexus_server",
      "@product": "Embedded Cosminexus Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:webotx_application_server",
      "@product": "WebOTX Application Server",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:nec:websam_systemmanager",
      "@product": "WebSAM SystemManager",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:nec:spectral_wave_manager",
      "@product": "Spectral Wave Manager Series",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000804",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN79314822/index.html",
      "@id": "JVN#79314822",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3164",
      "@id": "CVE-2005-3164",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3164",
      "@id": "CVE-2005-3164",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/17019",
      "@id": "SA17019",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/15003",
      "@id": "15003",
      "@source": "BID"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Tomcat vulnerable in request processing"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-3164 (GCVE-0-2005-3164)

Vulnerability from cvelistv5

CERTA-2008-AVI-343

Vulnerability from certfr_avis

Description

Solution

CERTA-2008-AVI-349

Vulnerability from certfr_avis

Description

Solution

gsd-2005-3164

Vulnerability from gsd

ghsa-qhqv-q4xg-f6g7

Vulnerability from github

fkie_cve-2005-3164

Vulnerability from fkie_nvd

cve-2005-3164

Vulnerability from jvndb

Tags

Sightings

Nomenclature