Vulnerability Name: | CVE-2011-1475 (CCN-66676)
Assigned: | 2011-04-06
Published: | 2011-04-06
Updated: | 2017-09-19
Summary: | The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-20
Vulnerability Consequences: | Obtain Information
References: |
Source: CCN Type: BugTraq Mailing List, Wed Apr 06 2011 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
Source: MITRE Type: CNA CVE-2011-1475
Source: FULLDISC Type: UNKNOWN 20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
Source: SREASON Type: UNKNOWN 8188
Source: CONFIRM Type: Patch http://svn.apache.org/viewvc?view=revision&revision=1086349
Source: CONFIRM Type: Patch http://svn.apache.org/viewvc?view=revision&revision=1086352
Source: CCN Type: Apache Web Site Apache Tomcat
Source: CONFIRM Type: Vendor Advisory http://tomcat.apache.org/security-7.html
Source: CCN Type: OSVDB ID: 73776 Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
Source: BUGTRAQ Type: UNKNOWN 20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
Source: BID Type: UNKNOWN 47199
Source: CCN Type: BID-47199 Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
Source: SECTRACK Type: UNKNOWN 1025303
Source: VUPEN Type: UNKNOWN ADV-2011-0894
Source: XF Type: UNKNOWN tomcat-httpbio-info-disclosure(66676)
Source: MISC Type: UNKNOWN https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:12374
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: