Vulnerability details: VCID-5eqm-218u-p7gq
Vulnerability ID VCID-5eqm-218u-p7gq
Aliases CVE-2011-1475
GHSA-h6c8-rg87-f3pc
Summary The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
epss 0.11701 https://api.first.org/data/v1/epss?cve=CVE-2011-1475
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475
generic_textual MODERATE http://seclists.org/fulldisclosure/2011/Apr/97
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h6c8-rg87-f3pc
generic_textual MODERATE https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/d2e8f2ede7dea39f75f68384f331f38f094e4ed3
generic_textual MODERATE https://github.com/apache/tomcat/commit/fd8a579e0e2379a84826b11700adf396e4ed2041
generic_textual MODERATE https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2011-1475
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-1475
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1086349
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1086352
generic_textual MODERATE https://web.archive.org/web/20120605200856/http://www.securityfocus.com/bid/47199
generic_textual MODERATE https://web.archive.org/web/20170202012852/http://www.securityfocus.com/archive/1/517363
generic_textual MODERATE https://web.archive.org/web/20170317142459/http://www.securitytracker.com/id?1025303
generic_textual MODERATE http://tomcat.apache.org/security-7.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1475.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1475
http://seclists.org/fulldisclosure/2011/Apr/97
http://securityreason.com/securityalert/8188
https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/d2e8f2ede7dea39f75f68384f331f38f094e4ed3
https://github.com/apache/tomcat/commit/fd8a579e0e2379a84826b11700adf396e4ed2041
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
https://nvd.nist.gov/vuln/detail/CVE-2011-1475
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
https://svn.apache.org/viewvc?view=rev&rev=1086349
https://svn.apache.org/viewvc?view=rev&rev=1086352
http://svn.apache.org/viewvc?view=revision&revision=1086349
http://svn.apache.org/viewvc?view=revision&revision=1086352
https://web.archive.org/web/20120605200856/http://www.securityfocus.com/bid/47199
https://web.archive.org/web/20170202012852/http://www.securityfocus.com/archive/1/517363
https://web.archive.org/web/20170317142459/http://www.securitytracker.com/id?1025303
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/archive/1/517363
http://www.securityfocus.com/bid/47199
http://www.securitytracker.com/id?1025303
http://www.vupen.com/english/advisories/2011/0894
708969 https://bugzilla.redhat.com/show_bug.cgi?id=708969
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2011-1475 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475
GHSA-h6c8-rg87-f3pc https://github.com/advisories/GHSA-h6c8-rg87-f3pc
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1475
Metric Value
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) none
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.93647
EPSS Score 0.11701
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.658330+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-7.html 38.0.0