CVE-2011-3375

Published: 19/01/2012 Updated: 16/02/2012
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache Tomcat 6.0.30 up to and including 6.0.33 and 7.x prior to 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote malicious users to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Vulnerable Product

apache tomcat 6.0.33

apache tomcat 6.0.30

apache tomcat 6.0.31

apache tomcat 6.0.32

apache tomcat 7.0.15

apache tomcat 7.0.14

apache tomcat 7.0.6

apache tomcat 7.0.5

apache tomcat 7.0.21

apache tomcat 7.0.20

apache tomcat 7.0.13

apache tomcat 7.0.12

apache tomcat 7.0.11

apache tomcat 7.0.4

apache tomcat 7.0.3

apache tomcat 7.0.19

apache tomcat 7.0.18

apache tomcat 7.0.10

apache tomcat 7.0.9

apache tomcat 7.0.2

apache tomcat 7.0.1

apache tomcat 7.0.17

apache tomcat 7.0.16

apache tomcat 7.0.8

apache tomcat 7.0.7

apache tomcat 7.0.0

Vendor Advisories

Synopsis: Moderate: tomcat6 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has r ...
Tomcat could be made to crash or expose sensitive information if it received specially crafted network traffic ...