PT-2013-3528 · Apache · Apache Tomcat

Wan_Jm · Published 2013-05-09 · Updated 2022-05-17 · CVE-2013-2071

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 7.0.0 through 7.0.39

Description

The issue arises from the improper handling of a RuntimeException in an AsyncListener within an application. This allows attackers to obtain sensitive request information intended for other applications under certain circumstances. The scenario is difficult to exploit deliberately but may occur unexpectedly if an application uses AsyncListeners that throw RuntimeExceptions.

Recommendations

For Apache Tomcat versions 7.0.0 through 7.0.39, update to version 7.0.40 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2013-2071
DSA-2897-1
GHSA-3P5R-7CW3-2M67
MGASA-2013-0191
RHSA-2013:1011
RHSA-2013:1012

Affected Products

Apache Tomcat