CVE-2011-3375 — Sensitive Information Exposure in Apache Tomcat

CWE-200 — Sensitive Information Exposure10 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

2.0%

top 16.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedJan 19

Latest updateMay 17

Description

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat26 versions+25

🔴Vulnerability Details

GHSA

Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests↗2022-05-17

▶

OSV

Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests↗2022-05-17

▶

CVEList

CVE-2011-3375: Apache Tomcat 6↗2012-01-19

▶

📋Vendor Advisories

Red Hat

kernel: epoll: can leak file descriptors when returning -ELOOP↗2012-03-27

▶

Ubuntu

Tomcat vulnerabilities↗2012-02-13

▶

Red Hat

tomcat: information disclosure due to improper response and request object recycling↗2012-01-17

▶

💬Community

Bugzilla

CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP↗2012-07-04

▶

Bugzilla

CVE-2011-3375 tomcat6: information disclosure due to improper response and request object recycling [fedora-all]↗2012-01-22

▶

Bugzilla

CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling↗2012-01-17

▶