CVE-2011-1475 Information
Description
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets related to \a mix-up of responses for requests from different users.\
Reference
http://seclists.org/fulldisclosure/2011/Apr/97 http://securityreason.com/securityalert/8188 http://svn.apache.org/viewvc?view=revision&revision=1086349 http://svn.apache.org/viewvc?view=revision&revision=1086352 http://tomcat.apache.org/security-7.html http://www.securityfocus.com/archive/1/517363 http://www.securityfocus.com/bid/47199 http://www.securitytracker.com/id?1025303 http://www.vupen.com/english/advisories/2011/0894 https://exchange.xforce.ibmcloud.com/vulnerabilities/66676 https://issues.apache.org/bugzilla/show_bug.cgi?id=50957 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12374
Share on: