Vulnerability Description
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.0 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2011/Apr/97
- http://securityreason.com/securityalert/8188
- http://svn.apache.org/viewvc?view=revision&revision=1086349Patch
- http://svn.apache.org/viewvc?view=revision&revision=1086352Patch
- http://tomcat.apache.org/security-7.htmlVendor Advisory
- http://www.securityfocus.com/archive/1/517363
- http://www.securityfocus.com/bid/47199
- http://www.securitytracker.com/id?1025303
- http://www.vupen.com/english/advisories/2011/0894
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
- https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://seclists.org/fulldisclosure/2011/Apr/97
- http://securityreason.com/securityalert/8188
- http://svn.apache.org/viewvc?view=revision&revision=1086349Patch
FAQ
What is CVE-2011-1475?
CVE-2011-1475 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circum...
How severe is CVE-2011-1475?
CVE-2011-1475 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1475?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.