CVE-2011-1475
Last modified
CVE-2011-1475 is a vulnerability of currently unknown severity. The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users.". EPSS estimates a 8.69% chance of exploitation in the next 30 days.
Description
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.0 |
| Apache | Tomcat | 7.0.1 |
| Apache | Tomcat | 7.0.2 |
| Apache | Tomcat | 7.0.3 |
| Apache | Tomcat | 7.0.4 |
| Apache | Tomcat | 7.0.5 |
| Apache | Tomcat | 7.0.6 |
| Apache | Tomcat | 7.0.7 |
| Apache | Tomcat | 7.0.8 |
| Apache | Tomcat | 7.0.9 |
| Apache | Tomcat | 7.0.10 |
| Apache | Tomcat | 7.0.11 |
References
- http://tomcat.apache.org/security-7.htmlVendor Advisory
- http://tomcat.apache.org/security-7.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-1475?
How severe is CVE-2011-1475?
How do I fix CVE-2011-1475?
Are you affected by CVE-2011-1475?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST