CVE-2011-1475

medium

Description

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374

https://issues.apache.org/bugzilla/show_bug.cgi?id=50957

https://exchange.xforce.ibmcloud.com/vulnerabilities/66676

http://www.vupen.com/english/advisories/2011/0894

http://www.securitytracker.com/id?1025303

http://www.securityfocus.com/bid/47199

http://www.securityfocus.com/archive/1/517363

http://tomcat.apache.org/security-7.html

http://svn.apache.org/viewvc?view=revision&revision=1086352

http://svn.apache.org/viewvc?view=revision&revision=1086349

http://securityreason.com/securityalert/8188

http://seclists.org/fulldisclosure/2011/Apr/97

Details

Source: Mitre, NVD

Published: 2011-04-08

Updated: 2017-09-19

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium