CVE-2013-2071

Published: 01/06/2013 Updated: 23/05/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x prior to 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent malicious users to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Vulnerable Product

apache tomcat 7.0.15

apache tomcat 7.0.30

apache tomcat 7.0.23

apache tomcat 7.0.11

apache tomcat 7.0.0

apache tomcat 7.0.4

apache tomcat 7.0.25

apache tomcat 7.0.13

apache tomcat 7.0.2

apache tomcat 7.0.1

apache tomcat 7.0.16

apache tomcat 7.0.7

apache tomcat 7.0.5

apache tomcat 7.0.6

apache tomcat 7.0.20

apache tomcat 7.0.17

apache tomcat 7.0.3

apache tomcat 7.0.19

apache tomcat 7.0.22

apache tomcat 7.0.21

apache tomcat 7.0.18

apache tomcat 7.0.14

apache tomcat 7.0.10

apache tomcat 7.0.28

apache tomcat 7.0.12

apache tomcat 7.0.9

apache tomcat 7.0.8

apache tomcat 7.0.32

Vendor Advisories

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application t ...
Several security issues were fixed in Tomcat ...
Multiple security issues were found in the Tomcat servlet and JSP engine: CVE-2013-2067: FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a req ...
Debian Bug report logs - #707704: tomcat7: CVE-2013-2071. Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Fri, 10 May 2013 13:27:01 UTC. Seve ...