CVE-2013-2071
Published: Jun 1, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://svn.apache.org/viewvc?view=revision&revision=1471372 (x_refsource_CONFIRM)
https://issues.apache.org/bugzilla/show_bug.cgi?id=54178 (x_refsource_CONFIRM)
FEDORA-2013-7999 (vendor-advisory, x_refsource_FEDORA)
http://tomcat.apache.org/security-7.html (x_refsource_CONFIRM)
FEDORA-2013-7979 (vendor-advisory, x_refsource_FEDORA)
20130510 CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException (mailing-list, x_refsource_BUGTRAQ)
USN-1841-1 (vendor-advisory, x_refsource_UBUNTU)
59798 (vdb-entry, x_refsource_BID)
64758 (vdb-entry, x_refsource_BID)
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html (x_refsource_CONFIRM)
openSUSE-SU-2013:1306 (vendor-advisory, x_refsource_SUSE)
FEDORA-2013-7993 (vendor-advisory, x_refsource_FEDORA)
HPSBMU02966 (vendor-advisory, x_refsource_HP)