Lucene search

[email protected]CVE-2011-3375

HistoryJan 19, 2012 - 4:01 a.m.

CVE-2011-3375

2012-01-1904:01:16

CWE-200

[email protected]

web.nvd.nist.gov

cve-2011-3375

apache tomcat

remote attackers

read access

ip address

http header

tcp data

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

3.9 Low

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.2%

JSON

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Affected configurations

NVD

Node

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

apachetomcatMatch6.0.33

Node

apachetomcatMatch7.0.0

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

CPENameOperatorVersion
apache:tomcatapache tomcateq6.0.30
apache:tomcatapache tomcateq6.0.31
apache:tomcatapache tomcateq6.0.32
apache:tomcatapache tomcateq6.0.33