CVE-2011-1475 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=7.0.0 <7.0.12
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.11701 (percentile: 0.9343)
Details
Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
Metadata
Created: 2022-05-17T01:01:49Z
Modified: 2024-01-17T22:46:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h6c8-rg87-f3pc/GHSA-h6c8-rg87-f3pc.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-h6c8-rg87-f3pc
Finding: F184
Auto approve: 1