GitHub Advisory Database: GHSA-3P5R-7CW3-2M67
May 17, 2022 - 2:44 a.m.

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

2022-05-17 02:44:28
CWE-200
GitHub Advisory Database
github.com

CVSS2: 2.6 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 58.7%

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Affected configurations

Vulners
Node: org.apache.tomcat\ Match: tomcat

CPE Name                    Operator    Version
org.apache.tomcat:tomcat    lt          7.0.40
