Home > Vulnerability Database > CVE-2011-1475

Mend.io Vulnerability Database

CVE-2011-1475

Good to know:

Date: April 8, 2011

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Language: Java

Severity Score

3.7

Related Resources (20)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/66676

Url: http://seclists.org/fulldisclosure/2011/Apr/97

Url: http://tomcat.apache.org/security-7.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374

Url: https://web.archive.org/web/20170202012852/http://www.securityfocus.com/archive/1/517363

Url: http://svn.apache.org/viewvc?view=revision&revision=1086349

Url: https://web.archive.org/web/20170317142459/http://www.securitytracker.com/id?1025303

Url: https://github.com/apache/tomcat

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-1475

Url: https://github.com/apache/tomcat/commit/d2e8f2ede7dea39f75f68384f331f38f094e4ed3

Url: http://svn.apache.org/viewvc?view=revision&revision=1086352

Url: http://www.securityfocus.com/archive/1/517363

Url: https://web.archive.org/web/20120605200856/http://www.securityfocus.com/bid/47199

Url: http://www.securityfocus.com/bid/47199

Url: http://www.vupen.com/english/advisories/2011/0894

Url: http://www.securitytracker.com/id?1025303

Url: http://securityreason.com/securityalert/8188

Url: https://github.com/apache/tomcat/commit/fd8a579e0e2379a84826b11700adf396e4ed2041

Url: https://issues.apache.org/bugzilla/show_bug.cgi?id=50957

Url: https://www.mend.io/vulnerability-database/CVE-2011-1475

Severity Score

3.7

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version org.apache.tomcat:tomcat-coyote:7.0.12,org.apache.tomcat.embed:tomcat-embed-core:7.0.12,org.apache.tomcat:tomcat-catalina:7.0.12

Learn More

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-1475

Good to know:

Date: April 8, 2011

Language: Java

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?