cve-2011-1475
Vulnerability from cvelistv5
Published
2011-04-08 15:00
Modified
2024-08-06 22:28
Severity ?
Summary
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
References
secalert@redhat.comhttp://seclists.org/fulldisclosure/2011/Apr/97
secalert@redhat.comhttp://securityreason.com/securityalert/8188
secalert@redhat.comhttp://svn.apache.org/viewvc?view=revision&revision=1086349Patch
secalert@redhat.comhttp://svn.apache.org/viewvc?view=revision&revision=1086352Patch
secalert@redhat.comhttp://tomcat.apache.org/security-7.htmlVendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/archive/1/517363
secalert@redhat.comhttp://www.securityfocus.com/bid/47199
secalert@redhat.comhttp://www.securitytracker.com/id?1025303
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0894
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/66676
secalert@redhat.comhttps://issues.apache.org/bugzilla/show_bug.cgi?id=50957
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2011/Apr/97
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8188
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=1086349Patch
af854a3a-2127-422b-91ae-364da2661108http://svn.apache.org/viewvc?view=revision&revision=1086352Patch
af854a3a-2127-422b-91ae-364da2661108http://tomcat.apache.org/security-7.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/517363
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47199
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025303
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0894
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0894",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0894"
          },
          {
            "name": "47199",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47199"
          },
          {
            "name": "oval:org.mitre.oval:def:12374",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374"
          },
          {
            "name": "8188",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8188"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "1025303",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025303"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=50957"
          },
          {
            "name": "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/517363"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1086349"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1086352"
          },
          {
            "name": "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2011/Apr/97"
          },
          {
            "name": "tomcat-httpbio-info-disclosure(66676)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66676"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \"a mix-up of responses for requests from different users.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2011-0894",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0894"
        },
        {
          "name": "47199",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47199"
        },
        {
          "name": "oval:org.mitre.oval:def:12374",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374"
        },
        {
          "name": "8188",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8188"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html"
        },
        {
          "name": "1025303",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025303"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=50957"
        },
        {
          "name": "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/517363"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1086349"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1086352"
        },
        {
          "name": "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2011/Apr/97"
        },
        {
          "name": "tomcat-httpbio-info-disclosure(66676)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66676"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1475",
    "datePublished": "2011-04-08T15:00:00",
    "dateReserved": "2011-03-21T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F8C62EF-1B67-456A-9C66-755439CF8556\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"33E9607B-4D28-460D-896B-E4B7FA22441E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A819E245-D641-4F19-9139-6C940504F6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7205475A-6D04-4042-B24E-1DA5A57029B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08022987-B36B-4F63-88A5-A8F59195DF4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF4B7557-EF35-451E-B55D-3296966695AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8980E61E-27BE-4858-82B3-C0E8128AF521\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8756BF9B-3E24-4677-87AE-31CE776541F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F194580-EE6D-4E38-87F3-F0661262256B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F74A421-D019-4248-84B8-C70D4D9A8A95\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \\\"a mix-up of responses for requests from different users.\\\"\"}, {\"lang\": \"es\", \"value\": \"El conector HTTP BIO en Apache Tomcat v7.0.x anterior a v7.0.12 no controla correctamente HTTP \\\"pipelining\\\", permitiendo a atacantes remotos leer las respuestas para otros clientes en circunstancias oportunistas mediante la examinaci\\u00f3n de los datos de la aplicaci\\u00f3n en paquetes HTTP, relacionado con una \\\"una mezcla de respuestas a las peticiones de los diferentes usuarios\\\"\"}]",
      "id": "CVE-2011-1475",
      "lastModified": "2024-11-21T01:26:24.127",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-04-08T15:17:28.243",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2011/Apr/97\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://securityreason.com/securityalert/8188\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1086349\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1086352\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://tomcat.apache.org/security-7.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/517363\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/47199\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id?1025303\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0894\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66676\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://issues.apache.org/bugzilla/show_bug.cgi?id=50957\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2011/Apr/97\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/8188\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1086349\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1086352\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://tomcat.apache.org/security-7.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/517363\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/47199\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1025303\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0894\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/66676\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.apache.org/bugzilla/show_bug.cgi?id=50957\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1475\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-04-08T15:17:28.243\",\"lastModified\":\"2024-11-21T01:26:24.127\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \\\"a mix-up of responses for requests from different users.\\\"\"},{\"lang\":\"es\",\"value\":\"El conector HTTP BIO en Apache Tomcat v7.0.x anterior a v7.0.12 no controla correctamente HTTP \\\"pipelining\\\", permitiendo a atacantes remotos leer las respuestas para otros clientes en circunstancias oportunistas mediante la examinaci\u00f3n de los datos de la aplicaci\u00f3n en paquetes HTTP, relacionado con una \\\"una mezcla de respuestas a las peticiones de los diferentes usuarios\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F8C62EF-1B67-456A-9C66-755439CF8556\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"33E9607B-4D28-460D-896B-E4B7FA22441E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A819E245-D641-4F19-9139-6C940504F6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C381275-10C5-4939-BCE3-0D1F3B3CB2EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7205475A-6D04-4042-B24E-1DA5A57029B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08022987-B36B-4F63-88A5-A8F59195DF4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF4B7557-EF35-451E-B55D-3296966695AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8980E61E-27BE-4858-82B3-C0E8128AF521\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8756BF9B-3E24-4677-87AE-31CE776541F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88CE057E-2092-4C98-8D0C-75CF439D0A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F194580-EE6D-4E38-87F3-F0661262256B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9731BAA-4C6C-4259-B786-F577D8A90FA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F74A421-D019-4248-84B8-C70D4D9A8A95\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2011/Apr/97\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/8188\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1086349\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1086352\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/517363\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/47199\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1025303\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0894\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66676\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=50957\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2011/Apr/97\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/8188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1086349\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1086352\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://tomcat.apache.org/security-7.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/517363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/47199\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/66676\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=50957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.