Vulnerability CVE-2011-1475


Published: 2011-04-08   Modified: 2012-02-13

Description:
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

See advisories in our WLB2 database:
Risk | Topic | Author | Date
Med. | Apache Tomcat 7.0.11 information disclosure | Mark Thomas | 12.04.2011

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software: Apache -> Tomcat

References:
http://svn.apache.org/viewvc?view=revision&revision=1086352
http://svn.apache.org/viewvc?view=revision&revision=1086349
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
http://xforce.iss.net/xforce/xfdb/66676
http://www.vupen.com/english/advisories/2011/0894
http://www.securitytracker.com/id?1025303
http://www.securityfocus.com/bid/47199
http://www.securityfocus.com/archive/1/517363
http://tomcat.apache.org/security-7.html
http://securityreason.com/securityalert/8188
http://seclists.org/fulldisclosure/2011/Apr/97
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12374

Copyright 2024, cxsecurity.com
