CVE-2013-2071: Sensitive Information Exposure in Apache Tomcat

Severity: 2.6 LOW (NVD)
EPSS: 8.4% (top 7.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 1
Latest update: May 17

Description

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

CVSS vector

AV:N/AC:H/C:P/I:N/A:N
Exploitability: 4.9 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat, 28 versions

Patches

🔴 Vulnerability Details (3)

OSV: Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat (2022-05-17)
GHSA: Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat (2022-05-17)
CVEList: CVE-2013-2071: java/org/apache/catalina/core/AsyncContextImpl (2013-06-01)

📋 Vendor Advisories (2)

Ubuntu: Tomcat vulnerabilities (2013-05-28)
Red Hat: tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions (2013-05-10)

💬 Community (2)

Bugzilla: CVE-2013-2071 tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions (2013-05-10)
Bugzilla: CVE-2013-2071 tomcat: Information disclosure in asynchronous context when using AsyncListeners that threw RuntimeExceptions [fedora-all] (2013-05-10)