Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-1475
Last Modified: 21 Sep 2011 11:30:18
Published: 08 Apr 2011 11:17:28
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-1475

Summary

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Vulnerable Systems

Application

  • Apache Tomcat 7.0.0
  • Apache Tomcat 7.0.1
  • Apache Tomcat 7.0.2
  • Apache Tomcat 7.0.3
  • Apache Tomcat 7.0.4
  • Apache Tomcat 7.0.5
  • Apache Tomcat 7.0.6
  • Apache Tomcat 7.0.7
  • Apache Tomcat 7.0.8
  • Apache Tomcat 7.0.9
  • Apache Tomcat 7.0.10
  • Apache Tomcat 7.0.11


References

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1086352

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1086349

MISC - https://issues.apache.org/bugzilla/show_bug.cgi?id=50957

XF - tomcat-httpbio-info-disclosure(66676)

VUPEN - ADV-2011-0894

SECTRACK - 1025303

BID - 47199

BUGTRAQ - 20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure

CONFIRM - http://tomcat.apache.org/security-7.html

SREASON - 8188


Last Updated: 27 May 2016 10:56:20