GHSA-3p5r-7cw3-2m67

Source
https://github.com/advisories/GHSA-3p5r-7cw3-2m67
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3p5r-7cw3-2m67/GHSA-3p5r-7cw3-2m67.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3p5r-7cw3-2m67
Aliases
  • CVE-2013-2071
Published
2022-05-17T02:44:28Z
Modified
2024-12-06T05:33:30.508604Z
Summary
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Details

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Database specific
{
    "nvd_published_at": "2013-06-01T14:21:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-08T19:07:33Z"
}
Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.40

Affected versions

7.*

7.0.35
7.0.37
7.0.39