Vulnerability Details: CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
Vulnerability category: Input validation
Products affected by CVE-2011-1475
- cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
Threat overview for CVE-2011-1475
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2011-1475: 767
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-1475
- 0.55%: Probability of exploitation activity in the next 30 days
- ~77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1475
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2011-1475
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1475
- http://www.vupen.com/english/advisories/2011/0894
- http://seclists.org/fulldisclosure/2011/Apr/97
  Full Disclosure: [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
- https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
  50957 – Blocking IO can serve wrong response data
- http://securityreason.com/securityalert/8188
  Apache Tomcat 7.0.11 information disclosure - CXSecurity.com
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
  Apache Tomcat HTTP BIO information disclosure CVE-2011-1475 Vulnerability Report
- http://tomcat.apache.org/security-7.html
  Apache Tomcat® - Apache Tomcat 7 vulnerabilities (Vendor Advisory)
- http://www.securitytracker.com/id?1025303
  Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users - SecurityTracker
- http://svn.apache.org/viewvc?view=revision&revision=1086349
  [Apache-SVN] Revision 1086349 (Patch)
- http://svn.apache.org/viewvc?view=revision&revision=1086352
  [Apache-SVN] Revision 1086352 (Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
  Repository / Oval Repository
- http://www.securityfocus.com/archive/1/517363
  SecurityFocus
- http://www.securityfocus.com/bid/47199
  Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability