CVE-2011-3375
tomcat: information disclosure due to improper response and request object recycling
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
Apache Tomcat v6.0.30 a v6.0.33 y v7.x antes de v7.0.22 no realiza correctamente ciertas operaciones de almacenamiento en caché y reciclado de objetos de solicitud, lo cual permite a atacantes remotos obtener acceso de lectura a la dirección IP y a la información de la cabecera HTTP en determinadas circunstancias leyendo datos TCP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-08-30 CVE Reserved
- 2012-01-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (5)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tomcat.apache.org/security-6.html | 2012-02-16 | |
| http://tomcat.apache.org/security-7.html | 2012-02-16 | |
| http://www.debian.org/security/2012/dsa-2401 | 2012-02-16 | |
| https://access.redhat.com/security/cve/CVE-2011-3375 | 2012-05-21 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=782624 | 2012-05-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.30 Search vendor "Apache" for product "Tomcat" and version "6.0.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.31 Search vendor "Apache" for product "Tomcat" and version "6.0.31" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.32 Search vendor "Apache" for product "Tomcat" and version "6.0.32" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 6.0.33 Search vendor "Apache" for product "Tomcat" and version "6.0.33" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.1 Search vendor "Apache" for product "Tomcat" and version "7.0.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.3 Search vendor "Apache" for product "Tomcat" and version "7.0.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.5 Search vendor "Apache" for product "Tomcat" and version "7.0.5" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.6 Search vendor "Apache" for product "Tomcat" and version "7.0.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.7 Search vendor "Apache" for product "Tomcat" and version "7.0.7" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.8 Search vendor "Apache" for product "Tomcat" and version "7.0.8" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.9 Search vendor "Apache" for product "Tomcat" and version "7.0.9" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.10 Search vendor "Apache" for product "Tomcat" and version "7.0.10" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.11 Search vendor "Apache" for product "Tomcat" and version "7.0.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.12 Search vendor "Apache" for product "Tomcat" and version "7.0.12" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.13 Search vendor "Apache" for product "Tomcat" and version "7.0.13" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.14 Search vendor "Apache" for product "Tomcat" and version "7.0.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.15 Search vendor "Apache" for product "Tomcat" and version "7.0.15" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.16 Search vendor "Apache" for product "Tomcat" and version "7.0.16" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.17 Search vendor "Apache" for product "Tomcat" and version "7.0.17" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.18 Search vendor "Apache" for product "Tomcat" and version "7.0.18" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.19 Search vendor "Apache" for product "Tomcat" and version "7.0.19" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.20 Search vendor "Apache" for product "Tomcat" and version "7.0.20" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Tomcat Search vendor "Apache" for product "Tomcat" | 7.0.21 Search vendor "Apache" for product "Tomcat" and version "7.0.21" | - |
Affected
| ||||||