PT-2013-3528 · Apache · Apache Tomcat

Wan_Jm · Published 2013-05-09 · Updated 2022-05-17 · CVE-2013-2071

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 7.0.0 through 7.0.39

Description

The issue arises from the improper handling of a RuntimeException in an AsyncListener within an application. This allows attackers to obtain sensitive request information intended for other applications under certain circumstances. The scenario is difficult to exploit deliberately but may occur unexpectedly if an application uses AsyncListeners that throw RuntimeExceptions.

Recommendations

For Apache Tomcat versions 7.0.0 through 7.0.39, update to version 7.0.40 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2013-2071
DSA-2897-1
GHSA-3P5R-7CW3-2M67
MGASA-2013-0191
RHSA-2013:1011
RHSA-2013:1012

Affected products

Apache Tomcat