The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2011/Apr/97 - | |
References | () http://securityreason.com/securityalert/8188 - | |
References | () http://svn.apache.org/viewvc?view=revision&revision=1086349 - Patch | |
References | () http://svn.apache.org/viewvc?view=revision&revision=1086352 - Patch | |
References | () http://tomcat.apache.org/security-7.html - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/517363 - | |
References | () http://www.securityfocus.com/bid/47199 - | |
References | () http://www.securitytracker.com/id?1025303 - | |
References | () http://www.vupen.com/english/advisories/2011/0894 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/66676 - | |
References | () https://issues.apache.org/bugzilla/show_bug.cgi?id=50957 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374 - |
Information
Published : 2011-04-08 15:17
Updated : 2024-11-21 01:26
NVD link : CVE-2011-1475
Mitre link : CVE-2011-1475
CVE.ORG link : CVE-2011-1475
JSON object : View
Products Affected
apache
- tomcat
CWE
CWE-20
Improper Input Validation