Description
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2401
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-7.html
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html
Scores
EPSS
0.0669
EPSS Percentile
93.1%
Details
CWE
CWE-200
Status
published
Products (27)
apache/tomcat
6.0.30
apache/tomcat
6.0.31
apache/tomcat
6.0.32
apache/tomcat
6.0.33
apache/tomcat
7.0.0
apache/tomcat
7.0.1
apache/tomcat
7.0.2
apache/tomcat
7.0.3
apache/tomcat
7.0.4
apache/tomcat
7.0.5
... and 17 more
Published
Jan 19, 2012
Tracked Since
Feb 18, 2026