Bug: Apache Tomcat 7.0.11 information disclosure ( Ascii Version )

Search:
WLB2

Apache Tomcat 7.0.11 information disclosure

Published
Credit
Risk
2011.04.12
Mark Thomas
Medium
CWE
CVE
Local
Remote
CWE-20
CVE-2011-1475
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.11
- Earlier versions are not affected

Description:
Changes introduced to the HTTP BIO connector to support Servlet 3.0
asynchronous requests did not fully account for HTTP pipelining. As a
result, when using HTTP pipelining a range of unexpected behaviours
occurred including the mixing up of responses between requests. While
the mix-up in responses was only observed between requests from the same
user, a mix-up of responses for requests from different users may also
be possible.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Upgrade to a Tomcat 7.0.12 or later
- Switch to the NIO or APR/native HTTP connectors that do not exhibit
this issue

Credit:
This issue was identified by Brad Piles and reported via the public ASF
Bugzilla issue tracking system.
The Apache Tomcat security team requests that security vulnerability
reports are made privately to security (at) tomcat.apache (dot) org [email concealed] in the first
instance.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html

References:

http://svn.apache.org/viewvc?view=revision&revision=1086352
http://svn.apache.org/viewvc?view=revision&revision=1086349
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
http://www.securityfocus.com/bid/47199
http://www.securityfocus.com/archive/1/517363
http://tomcat.apache.org/security-7.html
http://seclists.org/fulldisclosure/2011/Apr/97

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version