CVE-2011-1475 — Improper Input Validation in Apache Tomcat

CWE-20 — Improper Input Validation6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

11.7%

top 6.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedApr 8

Latest updateMay 17

Description

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat12 versions+11

Patches

Patch: svn.apache.org ↗Patch: svn.apache.org ↗Patch: svn.apache.org ↗

🔴Vulnerability Details

OSV

Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users↗2022-05-17

▶

GHSA

Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users↗2022-05-17

▶

CVEList

CVE-2011-1475: The HTTP BIO connector in Apache Tomcat 7↗2011-04-08

▶

📋Vendor Advisories

Red Hat

tomcat: Information disclosure due improper handling of HTTP pipelining↗2011-04-06

▶

💬Community

Bugzilla

CVE-2011-1475 tomcat: Information disclosure due improper handling of HTTP pipelining↗2011-05-30

▶