CVE-2013-2071

Published: 01/06/2013 Updated: 23/05/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x prior to 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent malicious users to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Vulnerable Product

apache tomcat 7.0.15

apache tomcat 7.0.30

apache tomcat 7.0.23

apache tomcat 7.0.11

apache tomcat 7.0.0

apache tomcat 7.0.4

apache tomcat 7.0.25

apache tomcat 7.0.13

apache tomcat 7.0.2

apache tomcat 7.0.1

apache tomcat 7.0.16

apache tomcat 7.0.7

apache tomcat 7.0.5

apache tomcat 7.0.6

apache tomcat 7.0.20

apache tomcat 7.0.17

apache tomcat 7.0.3

apache tomcat 7.0.19

apache tomcat 7.0.22

apache tomcat 7.0.21

apache tomcat 7.0.18

apache tomcat 7.0.14

apache tomcat 7.0.10

apache tomcat 7.0.28

apache tomcat 7.0.12

apache tomcat 7.0.9

apache tomcat 7.0.8

apache tomcat 7.0.32

Vendor Advisories

Several security issues were fixed in Tomcat ...
Debian Bug report logs - #707704 tomcat7: CVE-2013-2071. Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat7 is src:tomcat7. Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Fri, 10 May 2013 13:27:01 UTC Seve ...
Multiple security issues were found in the Tomcat servlet and JSP engine: CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session. By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a req ...
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application t ...