CVE-2011-1475
Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
EPSS 11.7%
Description
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
How to fix CVE-2011-1475
To remediate CVE-2011-1475, upgrade the affected package to the fixed version listed below.
- Maven/org.apache.tomcat:tomcat—upgrade to 7.0.12 or later
Is CVE-2011-1475 being exploited?
Moderate: EPSS is 11.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Maven/org.apache.tomcat:tomcat: >= 7.0.0, < 7.0.12