Apache Tomcat Information Disclosure Vulnerability (Windows) Network Vulnerability

Summary

The host is running Apache Tomcat Server and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain potentially sensitive information. Impact Level: Application

Solution

Apply patch or upgrade Apache Tomcat to 7.0.40 or later, For updates refer to http://tomcat.apache.org ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

Insight

Flaw due to improper handling of throwing a RunTimeException in an AsyncListener in 'java/org/apache/catalina/core/AsyncContextImpl.java'.

Affected

Apache Tomcat version 7.x to 7.0.39

References

http://svn.apache.org/viewvc?view=revision&revision=1471372
http://tomcat.apache.org/security-7.html
http://xforce.iss.net/xforce/xfdb/84143

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2071

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Embedded Web Server Detection
Hidden WWW server name
Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
Appweb Web Server Cross Site Scripting Vulnerability
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability

Take action and discover your vulnerabilities