Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
References
Link | Resource |
---|---|
http://tomcat.apache.org/security-6.html | Vendor Advisory |
http://tomcat.apache.org/security-7.html | Vendor Advisory |
http://www.debian.org/security/2012/dsa-2401 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2012-01-19 04:01
Updated : 2024-02-04 17:54
NVD link : CVE-2011-3375
Mitre link : CVE-2011-3375
CVE.ORG link : CVE-2011-3375
JSON object : View
Products Affected
apache
- tomcat
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor