CVE-2011-3375

2012-01-1904:01:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2011-3375

apache tomcat

remote attackers

read access

ip address

http header

tcp data

5 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

64.6%

JSON

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

CPENameOperatorVersion
apache:tomcatapache tomcateq6.0.33
apache:tomcatapache tomcateq6.0.31
apache:tomcatapache tomcateq6.0.32
apache:tomcatapache tomcateq6.0.30
apache:tomcatapache tomcateq7.0.12
apache:tomcatapache tomcateq7.0.20
apache:tomcatapache tomcateq7.0.8
apache:tomcatapache tomcateq7.0.1
apache:tomcatapache tomcateq7.0.2
apache:tomcatapache tomcateq7.0.5

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	6.0.33
apache:tomcat	apache tomcat	eq	6.0.31
apache:tomcat	apache tomcat	eq	6.0.32
apache:tomcat	apache tomcat	eq	6.0.30
apache:tomcat	apache tomcat	eq	7.0.12
apache:tomcat	apache tomcat	eq	7.0.20
apache:tomcat	apache tomcat	eq	7.0.8
apache:tomcat	apache tomcat	eq	7.0.1
apache:tomcat	apache tomcat	eq	7.0.2
apache:tomcat	apache tomcat	eq	7.0.5