CVE-2011-1475

{"id": "CVE-2011-1475", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-08T15:17:28.243", "references": [{"url": "http://seclists.org/fulldisclosure/2011/Apr/97", "source": "secalert@redhat.com"}, {"url": "http://securityreason.com/securityalert/8188", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1086349", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1086352", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://tomcat.apache.org/security-7.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/517363", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/47199", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1025303", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0894", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66676", "source": "secalert@redhat.com"}, {"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=50957", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \"a mix-up of responses for requests from different users.\""}, {"lang": "es", "value": "El conector HTTP BIO en Apache Tomcat v7.0.x anterior a v7.0.12 no controla correctamente HTTP \"pipelining\", permitiendo a atacantes remotos leer las respuestas para otros clientes en circunstancias oportunistas mediante la examinaci\u00f3n de los datos de la aplicaci\u00f3n en paquetes HTTP, relacionado con una \"una mezcla de respuestas a las peticiones de los diferentes usuarios\""}], "lastModified": "2017-09-19T01:32:41.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E9607B-4D28-460D-896B-E4B7FA22441E"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1"}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}