CVE-2011-3375: Exposure of Sensitive Information to an Unauthorized Actor

May 17, 2022 (updated January 19, 2024)

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

References

tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
www.debian.org/security/2012/dsa-2401
github.com/advisories/GHSA-rp8h-vr48-4j8p
github.com/apache/tomcat/commit/9eae334e9492f55a841e6eb7ab302ff11d03ab21
nvd.nist.gov/vuln/detail/CVE-2011-3375

Detect and mitigate CVE-2011-3375 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →