CVE-2013-2071

Priority
Description
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x
before 7.0.40 does not properly handle the throwing of a RuntimeException
in an AsyncListener in an application, which allows context-dependent
attackers to obtain sensitive request information intended for other
applications in opportunistic circumstances via an application that records
the requests that it processes.
Notes
Package
Upstream: not-affected
Ubuntu 12.04 ESM (Precise Pangolin): not-affected
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Package
Upstream: released (7.0.40)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (7.0.40-1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (7.0.40-1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1471372
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1475792 (related)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1408937 (backporting)
More Information

Updated: 2019-12-05 21:03:49 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)