PT-2011-4413 · Apache · Apache Tomcat

Published: 2011-12-05 · Updated: 2022-05-17 · CVE-2011-3375

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 6.0.30 through 6.0.33
Apache Tomcat versions 7.x before 7.0.22

Description
The issue arises from improper caching and recycling of request objects. Because the internal request object and the internal processor object are not recycled at the same time, an error that triggers re-population of the request object after it has been recycled can carry data from one request over into the next. In certain circumstances a remote attacker reading the TCP data can thereby obtain unintended read access to the IP address and HTTP header information of another request.

Recommendations
For Apache Tomcat versions 6.0.30 through 6.0.33, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 7.x before 7.0.22, update to version 7.0.22 or later to resolve the issue.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2011-3375
DSA-2401-1
GHSA-RP8H-VR48-4J8P
RHSA-2012:0682

Affected Products

Apache Tomcat