Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
Moderate severity
GitHub Reviewed
Published May 17, 2022 to the GitHub Advisory Database • Updated Jan 17, 2024
Package
Affected versions: >= 7.0.0, < 7.0.12
Patched versions: 7.0.12
Published by the National Vulnerability Database: Apr 8, 2011
Reviewed: Jan 17, 2024
Description
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
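One way to check whether a deployment falls under this advisory, as an added example that is not part of the advisory or of Tomcat's own code: it compares a reported version against the affected range and lists the `<Connector>` elements in a `server.xml` that select the HTTP BIO connector. The version-string format, the sample `server.xml` and all function names are constructed for illustration, and the check assumes Tomcat 7's behaviour of treating an omitted or `HTTP/1.1` protocol attribute as BIO unless the APR native library is loaded.

```python
import re
import xml.etree.ElementTree as ET

# Affected range from the advisory: >= 7.0.0, < 7.0.12
AFFECTED_MIN = (7, 0, 0)
PATCHED = (7, 0, 12)

# Tomcat 7 protocol values that select the HTTP BIO connector.
BIO_CLASS = "org.apache.coyote.http11.Http11Protocol"
AUTO = "HTTP/1.1"  # BIO unless the APR native library is loaded

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Apache Tomcat/7.0.11'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(g) for g in m.groups())

def version_affected(text):
    return AFFECTED_MIN <= parse_version(text) < PATCHED

def bio_connectors(server_xml):
    """Return (port, kind) for HTTP connectors that are or may be BIO."""
    found = []
    for c in ET.fromstring(server_xml).iter("Connector"):
        proto = c.get("protocol", AUTO)  # omitted attribute means HTTP/1.1
        if proto == BIO_CLASS:
            found.append((c.get("port"), "bio"))
        elif proto == AUTO:
            found.append((c.get("port"), "bio-unless-apr"))
    return found  # NIO, APR and AJP connectors are not reported

def audit(version_text, server_xml):
    """Connectors exposed to this advisory; empty if the version is outside the range."""
    if not version_affected(version_text):
        return []
    return bio_connectors(server_xml)

# Constructed sample configuration, not taken from any real deployment.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  <Connector port="8081" protocol="org.apache.coyote.http11.Http11Protocol"/>
  <Connector port="8009" protocol="AJP/1.3"/>
</Service></Server>"""

if __name__ == "__main__":
    for v in ("Apache Tomcat/7.0.11", "Apache Tomcat/7.0.12"):
        print(v, audit(v, SAMPLE))
```

A `bio-unless-apr` result needs a look at the startup log to see which connector implementation was actually loaded.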
References