Improper Input Validation Affecting org.apache.tomcat:tomcat-coyote package, versions [7.0.0,7.0.12)
Threat Intelligence
EPSS
0.31% (71st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHETOMCAT-30922
- published 8 Sep 2014
- disclosed 8 Apr 2011
- credit Unknown
Overview
org.apache.tomcat:tomcat-coyote
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
References
CVSS Scores
version 3.1