Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2071)

Description

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Remediation

References

Related Vulnerabilities

WordPress Plugin Appointment Booking Calendar Multiple Vulnerabilities (1.1.7)

MySQL CVE-2019-2534 Vulnerability (CVE-2019-2534)

Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0792)

Oracle Database Server CVE-2006-0256 Vulnerability (CVE-2006-0256)

Severity

Low

Classification

CVE-2013-2071 CWE-200

Tags

Missing Update Known Vulnerabilities