CVE-2011-1475
N/A
N/A
Summary
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.vupen.com/english/advisories/2011/0894
- http://www.securityfocus.com/bid/47199
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
- http://securityreason.com/securityalert/8188
- http://tomcat.apache.org/security-7.html
- http://www.securitytracker.com/id?1025303
- https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
- http://www.securityfocus.com/archive/1/517363
- http://svn.apache.org/viewvc?view=revision&revision=1086349
- http://svn.apache.org/viewvc?view=revision&revision=1086352
- http://seclists.org/fulldisclosure/2011/Apr/97
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
References
- http://www.vupen.com/english/advisories/2011/0894
- http://www.securityfocus.com/bid/47199
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
- http://securityreason.com/securityalert/8188
- http://tomcat.apache.org/security-7.html
- http://www.securitytracker.com/id?1025303
- https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
- http://www.securityfocus.com/archive/1/517363
- http://svn.apache.org/viewvc?view=revision&revision=1086349
- http://svn.apache.org/viewvc?view=revision&revision=1086352
- http://seclists.org/fulldisclosure/2011/Apr/97
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.