Summary
This host is running Apache Tomcat and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive information that may aid in further attacks.
Impact Level: Application
Solution
Upgrade Apache Tomcat to version 7.0.12 or later.
For updates, refer to http://tomcat.apache.org
Insight
The flaw is due to improper handling of HTTP pipelining. A remote attacker could exploit this vulnerability to read responses intended for another user and obtain sensitive information.
Affected
Apache Tomcat version 7.0.x before 7.0.12
Detection
Get the installed version of Apache Tomcat with the help of the detection NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2011-1475
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N