CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.9%
Moderate: Information disclosure CVE-2013-2071
Bug 54178 described a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw RuntimeExceptions.
This was fixed in revision 1471372.
The root cause of the problem was identified as a Tomcat bug on 2 April 2013. The Tomcat security team identified the security implications on 24 April 2013 and made those details public on 10 May 2013.
Affects: 7.0.0-7.0.39
Important: Remote Code Execution CVE-2013-4444
In very limited circumstances, it was possible for an attacker to upload a malicious JSP to a Tomcat server and then trigger the execution of that JSP. While Remote Code Execution would normally be viewed as a critical vulnerability, the circumstances under which this is possible are, in the view of the Tomcat security team, sufficiently limited that this vulnerability is viewed as important.
For this attack to succeed all of the following requirements must be met:
Note that requirements 2 and 3 may be replaced with the following requirement:
In this case (requirements 1, 4, 5, 6 and 7 met) a similar vulnerability may exist on any Servlet container, not just Apache Tomcat.
This was fixed in revision 1470437.
This issue was identified by Pierre Ernst of the VMware Security Engineering, Communications and Response group (vSECR) and reported to the Tomcat security team via the Pivotal security team on 5 September 2014. It was made public on 10 September 2014.
Affects: 7.0.0 to 7.0.39