Vulnerability details: VCID-a8pg-33b2-aaap
Vulnerability ID VCID-a8pg-33b2-aaap
Aliases CVE-2011-1475
GHSA-h6c8-rg87-f3pc
Summary CVE-2011-1475 tomcat: Information disclosure due to improper handling of HTTP pipelining
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
epss 0.00307 https://api.first.org/data/v1/epss?cve=CVE-2011-1475
epss 0.00548 https://api.first.org/data/v1/epss?cve=CVE-2011-1475
epss 0.11701 https://api.first.org/data/v1/epss?cve=CVE-2011-1475
epss 0.13113 https://api.first.org/data/v1/epss?cve=CVE-2011-1475
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=708969
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475
generic_textual MODERATE http://seclists.org/fulldisclosure/2011/Apr/97
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h6c8-rg87-f3pc
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat/commit/d2e8f2ede7dea39f75f68384f331f38f094e4ed3
generic_textual MODERATE https://github.com/apache/tomcat/commit/fd8a579e0e2379a84826b11700adf396e4ed2041
generic_textual MODERATE https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2011-1475
generic_textual MODERATE https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1086349
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1086352
generic_textual MODERATE https://web.archive.org/web/20120605200856/http://www.securityfocus.com/bid/47199
generic_textual MODERATE https://web.archive.org/web/20170202012852/http://www.securityfocus.com/archive/1/517363
generic_textual MODERATE https://web.archive.org/web/20170317142459/http://www.securitytracker.com/id?1025303
cvssv3.1 9.8 http://tomcat.apache.org/security-7.html
generic_textual CRITICAL http://tomcat.apache.org/security-7.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1475.json
https://api.first.org/data/v1/epss?cve=CVE-2011-1475
http://seclists.org/fulldisclosure/2011/Apr/97
http://securityreason.com/securityalert/8188
https://exchange.xforce.ibmcloud.com/vulnerabilities/66676
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/d2e8f2ede7dea39f75f68384f331f38f094e4ed3
https://github.com/apache/tomcat/commit/fd8a579e0e2379a84826b11700adf396e4ed2041
https://issues.apache.org/bugzilla/show_bug.cgi?id=50957
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374
https://svn.apache.org/viewvc?view=rev&rev=1086349
https://svn.apache.org/viewvc?view=rev&rev=1086352
http://svn.apache.org/viewvc?view=revision&revision=1086349
http://svn.apache.org/viewvc?view=revision&revision=1086352
https://web.archive.org/web/20120605200856/http://www.securityfocus.com/bid/47199
https://web.archive.org/web/20170202012852/http://www.securityfocus.com/archive/1/517363
https://web.archive.org/web/20170317142459/http://www.securitytracker.com/id?1025303
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/archive/1/517363
http://www.securityfocus.com/bid/47199
http://www.securitytracker.com/id?1025303
http://www.vupen.com/english/advisories/2011/0894
708969 https://bugzilla.redhat.com/show_bug.cgi?id=708969
cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
CVE-2011-1475 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1475
CVE-2011-1475 https://nvd.nist.gov/vuln/detail/CVE-2011-1475
GHSA-h6c8-rg87-f3pc https://github.com/advisories/GHSA-h6c8-rg87-f3pc
GLSA-201206-24 https://security.gentoo.org/glsa/201206-24
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1475
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-7.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.70381
EPSS Score 0.00307
Published At Nov. 1, 2024, midnight