FortiClient VulnerabilityApache Tomcat CVE-2011-3375 Information Disclosure Vulnerability
Description
For performance reasons, information parsed from a request is often cached in two places: the internal request object and the internal processor object. These objects are not recycled at exactly the same time. When certain errors occur that needed to be added to the access log, the access logging process triggers the re-population of the request object after it has been recycled. However, the request object was not recycled before being used for the next request. That lead to information leakage (e.g. remote IP address, HTTP headers) from the previous request to the next request. The issue was resolved be ensuring that the request and response objects were recycled after being re-populated to generate the necessary access log entries.
Affected Applications
Apache Tomcat
CVE References
CVE-2011-3375Other References
http://tomcat.apache.org/security.html| ID | 43245 |
| Created | Jan 17, 2020 |
| Description Updated |
Dec 14, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Linux |
| Vendor | Apache |
| Patch | manual |
| Application | Apache Tomcat |