CVE-2011-3375

Apache Tomcat <7.0.22 - Info Disclosure

Title source: llm
STIX 2.1

Description

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2401
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-7.html
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html

Scores

EPSS 0.0669
EPSS Percentile 93.1%

Details

CWE
CWE-200
Status published
Products (27)
apache/tomcat 6.0.30
apache/tomcat 6.0.31
apache/tomcat 6.0.32
apache/tomcat 6.0.33
apache/tomcat 7.0.0
apache/tomcat 7.0.1
apache/tomcat 7.0.2
apache/tomcat 7.0.3
apache/tomcat 7.0.4
apache/tomcat 7.0.5
... and 17 more
Published Jan 19, 2012
Tracked Since Feb 18, 2026