CVE-2011-1475

Apache Tomcat 7.0.0-7.0.11 - Information Disclosure via HTTP Pipelining

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-1475. PoCs published by samaujs.

AI-analyzed exploit summary: The repository contains a minimal Maven project with a generic 'Hello World' application and no functional exploit code for CVE-2011-1475. The README lacks technical details about the vulnerability or exploitation mechanism.

Description

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Exploits (1)

nomisec STUB
by samaujs · poc
https://github.com/samaujs/CVE-2011-1475

Classification: Stub 95%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Unknown (CVE-2011-1475 is related to Apache Tomcat)
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (12)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0894
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47199
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8188
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-7.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025303
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/517363
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Apr/97
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66676

Scores

EPSS 0.1170
EPSS Percentile 93.9%

Details

CWE
CWE-20
Status published
Products (13)
apache/tomcat 7.0.0 (2 CPE variants)
apache/tomcat 7.0.1
apache/tomcat 7.0.2
apache/tomcat 7.0.3
apache/tomcat 7.0.4
apache/tomcat 7.0.5
apache/tomcat 7.0.6
apache/tomcat 7.0.7
apache/tomcat 7.0.8
apache/tomcat 7.0.9
... and 3 more
Published Apr 08, 2011
Tracked Since Feb 18, 2026