{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-16T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "DSA-2401", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2401"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-7.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://tomcat.apache.org/security-6.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3375", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-2401", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2401"}, {"name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-7.html"}, {"name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:29:56.702Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-2401", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2401"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-7.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://tomcat.apache.org/security-6.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3375", "datePublished": "2012-01-19T02:00:00", "dateReserved": "2011-08-30T00:00:00", "dateUpdated": "2024-08-06T23:29:56.702Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "A9E03BE3-60CC-4415-B993-D0BB00F87A30", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "CE92E59A-FF0D-4D1A-8B12-CC41A7E1FD3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "BFD64FE7-ABAF-49F3-B8D0-91C37C822F4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "48E5E8C3-21AD-4230-B945-AB7DE66307B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F8C62EF-1B67-456A-9C66-755439CF8556", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A819E245-D641-4F19-9139-6C940504F6E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C381275-10C5-4939-BCE3-0D1F3B3CB2EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7205475A-6D04-4042-B24E-1DA5A57029B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "08022987-B36B-4F63-88A5-A8F59195DF4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FF4B7557-EF35-451E-B55D-3296966695AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8980E61E-27BE-4858-82B3-C0E8128AF521", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "8756BF9B-3E24-4677-87AE-31CE776541F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "88CE057E-2092-4C98-8D0C-75CF439D0A9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "8F194580-EE6D-4E38-87F3-F0661262256B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "A9731BAA-4C6C-4259-B786-F577D8A90FA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "1F74A421-D019-4248-84B8-C70D4D9A8A95", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "2BA27FF9-4C66-4E17-95C0-1CB2DAA6AFC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "05346F5A-FB52-4376-AAC7-9A5308216545", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "305688F2-50A6-41FB-8614-BC589DB9A789", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "D24AA431-C436-4AA5-85DF-B9AAFF2548FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "25966344-15D5-4101-9346-B06BFD2DFFF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "11F4CBAC-27B1-4EFF-955A-A63B457D0578", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "FD55B338-9DBE-4643-ABED-A08964D3AF7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "0D4F710E-06EA-48F4-AC6A-6F143950F015", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "2C4936C2-0B2D-4C44-98C3-443090965F5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "48453405-2319-4327-9F4C-6F70B49452C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data."}, {"lang": "es", "value": "Apache Tomcat v6.0.30 a v6.0.33 y v7.x antes de v7.0.22 no realiza correctamente ciertas operaciones de almacenamiento en cach\u00e9 y reciclado de objetos de solicitud, lo cual permite a atacantes remotos obtener acceso de lectura a la direcci\u00f3n IP y a la informaci\u00f3n de la cabecera HTTP en determinadas circunstancias leyendo datos TCP."}], "id": "CVE-2011-3375", "lastModified": "2012-02-16T04:16:41.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-01-19T04:01:16.927", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-6.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://tomcat.apache.org/security-7.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2401"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0682", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5", "package": "tomcat6-0:6.0.32-24_patch_07.ep5.el5", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5", "release_date": "2012-05-21T00:00:00Z"}, {"advisory": "RHSA-2012:0682", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el6", "package": "tomcat6-0:6.0.32-24_patch_07.ep5.el6", "product_name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 6", "release_date": "2012-05-21T00:00:00Z"}, {"advisory": "RHSA-2012:0681", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1.0", "product_name": "Red Hat JBoss Web Server 1.0", "release_date": "2012-05-21T00:00:00Z"}], "bugzilla": {"description": "tomcat: information disclosure due to improper response and request object recycling", "id": "782624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782624"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data."], "name": "CVE-2011-3375", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "tomcat6", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-01-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-3375\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3375"], "threat_severity": "Moderate", "upstream_fix": "tomcat6 6.0.35"}