CVE-2011-1475

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
apachetomcat
7.0.0
apachetomcat
7.0.0:beta
apachetomcat
7.0.1
apachetomcat
7.0.2
apachetomcat
7.0.3
apachetomcat
7.0.4
apachetomcat
7.0.5
apachetomcat
7.0.6
apachetomcat
7.0.7
apachetomcat
7.0.8
apachetomcat
7.0.9
apachetomcat
7.0.10
apachetomcat
7.0.11
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat6
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2011/Apr/97
http://securityreason.com/securityalert/8188
http://svn.apache.org/viewvc?view=revision&revision=1086349
http://svn.apache.org/viewvc?view=revision&revision=1086352
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/archive/1/517363
http://www.securityfocus.com/bid/47199
http://www.securitytracker.com/id?1025303
http://www.vupen.com/english/advisories/2011/0894
https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
http://seclists.org/fulldisclosure/2011/Apr/97
http://securityreason.com/securityalert/8188
http://svn.apache.org/viewvc?view=revision&revision=1086349
http://svn.apache.org/viewvc?view=revision&revision=1086352
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/archive/1/517363
http://www.securityfocus.com/bid/47199
http://www.securitytracker.com/id?1025303
http://www.vupen.com/english/advisories/2011/0894
https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374