CVE-2011-1475
Published: Apr 8, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| ADV-2011-0894 | vdb-entry, x_refsource_VUPEN |
| 47199 | vdb-entry, x_refsource_BID |
| oval:org.mitre.oval:def:12374 | vdb-entry, signature, x_refsource_OVAL |
| 8188 | third-party-advisory, x_refsource_SREASON |
| http://tomcat.apache.org/security-7.html | x_refsource_CONFIRM |
| 1025303 | vdb-entry, x_refsource_SECTRACK |
| https://issues.apache.org/bugzilla/show_bug.cgi?id=50957 | x_refsource_MISC |
| 20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure | mailing-list, x_refsource_BUGTRAQ |
| http://svn.apache.org/viewvc?view=revision&revision=1086349 | x_refsource_CONFIRM |
| http://svn.apache.org/viewvc?view=revision&revision=1086352 | x_refsource_CONFIRM |
| 20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure | mailing-list, x_refsource_FULLDISC |
| tomcat-httpbio-info-disclosure(66676) | vdb-entry, x_refsource_XF |