Description

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Remediation

References

CVE-2011-1475

Related Vulnerabilities

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-9591)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1319)

Ruby on Rails Inefficient Regular Expression Complexity Vulnerability (CVE-2023-22792)

WordPress Plugin VRView Cross-Site Scripting (1.1.3)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)

Severity

Medium

Classification

CVE-2011-1475 CWE-20

Tags

Missing Update Known Vulnerabilities