Description

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Remediation

References

CVE-2011-1475

Related Vulnerabilities

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Security Bypass (1.0.40.2)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17383)

Apache Traffic Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-11783)

Moodle Numeric Errors Vulnerability (CVE-2011-4305)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27889)

Severity

Medium

Classification

CVE-2011-1475 CWE-20

Tags

Missing Update Known Vulnerabilities