Vulnerability details: VCID-21dz-gxvm-aaam
Vulnerability ID VCID-21dz-gxvm-aaam
Aliases CVE-2011-3375
GHSA-rp8h-vr48-4j8p
Summary Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0681
rhas Moderate https://access.redhat.com/errata/RHSA-2012:0682
epss 0.00250 https://api.first.org/data/v1/epss?cve=CVE-2011-3375
epss 0.02015 https://api.first.org/data/v1/epss?cve=CVE-2011-3375
epss 0.04021 https://api.first.org/data/v1/epss?cve=CVE-2011-3375
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=782624
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-rp8h-vr48-4j8p
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2011-3375
cvssv3.1 9.8 http://tomcat.apache.org/security-6.html
generic_textual CRITICAL http://tomcat.apache.org/security-6.html
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
generic_textual MODERATE http://www.debian.org/security/2012/dsa-2401
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3375.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3375
https://github.com/apache/tomcat
https://github.com/apache/tomcat70/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21
https://github.com/apache/tomcat/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21
https://svn.apache.org/viewvc?view=rev&rev=1176592
https://svn.apache.org/viewvc?view=rev&rev=1185998
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
782624 https://bugzilla.redhat.com/show_bug.cgi?id=782624
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2011-3375 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375
CVE-2011-3375 https://nvd.nist.gov/vuln/detail/CVE-2011-3375
GHSA-rp8h-vr48-4j8p https://github.com/advisories/GHSA-rp8h-vr48-4j8p
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
RHSA-2012:0681 https://access.redhat.com/errata/RHSA-2012:0681
RHSA-2012:0682 https://access.redhat.com/errata/RHSA-2012:0682
USN-1359-1 https://usn.ubuntu.com/1359-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-3375
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-6.html
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.65395
EPSS Score 0.00250
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.