CVE-2013-2071 in Secure Global Desktopinformation

Résumé (Anglaise)

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Réserver

19/02/2013

Divulgation

01/06/2013

Statut

Confirmé

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
11928	Oracle Secure Global Desktop Apache Tomcat divulgation d'information	200	Non défini	Correctif officiel	CVE-2013-2071
11847	Oracle Transportation Management Application Server divulgation d'information	200	Non défini	Correctif officiel	CVE-2013-2071
8666	Apache Tomcat AsyncListener divulgation d'information	200	Non défini	Correctif officiel	CVE-2013-2071

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

Sources

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!