| Summary: | <www-servers/tomcat-6.0.35 Request Object Recycle Security Bypass (CVE-2011-3375) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | java |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/47554/ | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 395933 | | |
| Bug Blocks: | | | |

Description
Michael Harrison
2012-01-17 23:32:39 UTC
We need to get the unaffected versions stable before we can go to [glsa?] ;)

CVE-2011-3375 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375): Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Thanks, folks. GLSA Vote: yes.

GLSA vote: yes. Added to existing GLSA request.

No affected version in the tree anymore.

This issue was resolved and addressed in GLSA 201206-24 at http://security.gentoo.org/glsa/glsa-201206-24.xml by GLSA coordinator Tobias Heinlein (keytoaster).