Improper Input Validation Affecting org.apache.tomcat.embed:tomcat-embed-core package, versions [7.0.0,7.0.12)


0.0
medium
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGAPACHETOMCATEMBED-30960

  • published

    8 Sep 2014

  • disclosed

    8 Apr 2011

  • credit

    Unknown

Overview

org.apache.tomcat.embed:tomcat-embed-core The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

References