CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0CVE-2005-3164
https://notcve.org/view.php?id=CVE-2005-3164
06 Oct 2005 — The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages. • http://jvn.jp/jp/JVN%2379314822/index.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 7%CPEs: 12EXPL: 0CVE-2004-1478
https://notcve.org/view.php?id=CVE-2004-1478
31 Dec 2004 — JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •
CVSS: 9.1EPSS: 33%CPEs: 11EXPL: 0CVE-2004-0928
https://notcve.org/view.php?id=CVE-2004-0928
05 Oct 2004 — The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". • http://marc.info/?l=bugtraq&m=109621995623823&w=2 •