PT-2005-3986 · Apache · Apache Tomcat

Published

2005-10-06

·

Updated

2022-05-01

·

CVE-2005-3164

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 4.0.1 through 4.0.6
Apache Tomcat versions 4.1.0 through 4.1.36
Description

A client sends a POST request that declares a Content-Length and then closes the connection before transmitting any of the request body. The affected AJP connector does not treat the premature disconnect as an error: it goes on to process the request, and the body it hands to the application is the request body left over from the previous request the connector handled. Request body data belonging to another request (for example, form fields submitted by a different user) is therefore reused for a request that never supplied one, which is an information leak. Exploitation depends on the timing of other users' requests, which is why the CVSS vector rates access complexity as high.
Recommendations

For Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, stop using the affected AJP connector and switch to the default, supported Coyote AJP connector. If that change cannot be made immediately, disable the affected AJP connector as a temporary workaround until the connector change or a fixed version can be deployed.
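The failure mode in the description, modelled as an added example (this is not Tomcat code and not part of this advisory): a connector that reads request bodies into one buffer that it reuses across requests on a persistent connection, and sizes the body by the declared Content-Length instead of by the bytes actually read. The buffer-reuse mechanism is an assumption made for the model; the page only states that the previous request's body is reused. The sample requests are constructed. The third request, a partial body, goes slightly beyond the advisory's "no body sent" case to show that the same bug also splices stale bytes onto a short body.

```python
import io

# Constructed sample traffic on one keep-alive connection: (declared
# Content-Length, bytes the client actually sent before closing).
SAMPLE_REQUESTS = [
    (27, b"user=alice&password=s3cret!"),  # honest POST, body fully sent
    (27, b""),                             # declares a body, hangs up at once
    (27, b"user=mallory"),                 # declares 27 bytes, sends 12
]


class ClientDisconnected(Exception):
    """Peer closed the connection before the declared body was received."""


class Connector:
    """Reads request bodies from a persistent connection into one reusable buffer.

    safe=False models the vulnerable behaviour: the declared Content-Length is
    trusted and whatever the buffer already holds is handed to the request.
    safe=True models the fix: only bytes actually read count, and a short read
    is an error rather than a body.
    """

    def __init__(self, safe: bool, buf_size: int = 8192):
        self.safe = safe
        # One buffer per connection, reused for every request on it (assumed
        # here as the reason stale bytes survive between requests).
        self._buf = bytearray(buf_size)

    def read_body(self, stream: io.BufferedIOBase, content_length: int) -> bytes:
        view = memoryview(self._buf)[:content_length]
        total = 0
        while total < content_length:
            n = stream.readinto(view[total:])  # 0 means the peer closed
            if not n:
                break
            total += n
        if self.safe:
            if total != content_length:
                raise ClientDisconnected(
                    f"expected {content_length} body bytes, got {total}")
            return bytes(view[:total])
        # Vulnerable path: the body is sized by the header, not by the read,
        # so bytes left over from the previous request fill the gap.
        return bytes(view)


def replay(safe: bool) -> list:
    """Feed SAMPLE_REQUESTS through one connection; return bodies or errors."""
    conn = Connector(safe)
    results = []
    for length, sent in SAMPLE_REQUESTS:
        try:
            results.append(conn.read_body(io.BytesIO(sent), length))
        except ClientDisconnected as exc:
            results.append(exc)
    return results


if __name__ == "__main__":
    for safe in (False, True):
        print("fixed" if safe else "vulnerable", replay(safe))
```

In the vulnerable run the second request, which sent no body at all, receives alice's credentials verbatim, and the third receives its own 12 bytes followed by the tail of alice's body. The fixed connector rejects both short reads instead of inventing a body; clearing the buffer between requests would be reasonable defence in depth but is not what closes the hole, since the root cause is trusting Content-Length over the byte count actually received.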

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2005-3164
GHSA-QHQV-Q4XG-F6G7

Affected Products

Apache Tomcat