CVE-2013-2071 in Secure Global Desktopinfo

Summary

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

02/19/2013

Disclosure

06/01/2013

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
11928	Oracle Secure Global Desktop Apache Tomcat information disclosure	200	Not defined	Official fix	CVE-2013-2071
11847	Oracle Transportation Management Application Server information disclosure	200	Not defined	Official fix	CVE-2013-2071
8666	Apache Tomcat AsyncListener information disclosure	200	Not defined	Official fix	CVE-2013-2071

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!