CVE-2013-2071
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
01/06/2013
Last modified:
11/04/2025
Description
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
Impact
Base Score 2.0
2.60
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0040.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105855.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106342.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
- http://marc.info/?l=bugtraq&m=139344248911289&w=2
- http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AsyncContextImpl.java?r1=1471372&r2=1471371&pathrev=1471372
- http://svn.apache.org/viewvc?view=revision&revision=1471372
- http://tomcat.apache.org/security-7.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/59798
- http://www.securityfocus.com/bid/64758
- http://www.ubuntu.com/usn/USN-1841-1
- https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0040.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105855.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106342.html
- http://lists.opensuse.org/opensuse-updates/2013-08/msg00013.html
- http://marc.info/?l=bugtraq&m=139344248911289&w=2
- http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/AsyncContextImpl.java?r1=1471372&r2=1471371&pathrev=1471372
- http://svn.apache.org/viewvc?view=revision&revision=1471372
- http://tomcat.apache.org/security-7.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://www.securityfocus.com/bid/59798
- http://www.securityfocus.com/bid/64758
- http://www.ubuntu.com/usn/USN-1841-1
- https://issues.apache.org/bugzilla/show_bug.cgi?id=54178