Description

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Remediation

References

CVE-2011-3375

Related Vulnerabilities

Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)

Cherokee Out-of-bounds Write Vulnerability (CVE-2019-20800)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-1377)

WordPress Plugin PI Button includes Backdoor [Only if downloaded via the vendor website] (3.3.3)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0211)

Severity

Medium

Classification

CVE-2011-3375 CWE-200

Tags

Missing Update Known Vulnerabilities