5
CVE-2011-1475
- EPSS 8.69%
- Veröffentlicht 08.04.2011 15:17:28
- Zuletzt bearbeitet 16.06.2026 23:29:25
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.69% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://tomcat.apache.org/security-7.html
http://seclists.org/fulldisclosure/2011/Apr/97
http://securityreason.com/securityalert/8188
http://svn.apache.org/viewvc?view=revision&revision=1086349
http://svn.apache.org/viewvc?view=revision&revision=1086352
http://www.securityfocus.com/archive/1/517363
http://www.securityfocus.com/bid/47199
http://www.securitytracker.com/id?1025303
http://www.vupen.com/english/advisories/2011/0894
https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374