Launchpad CVE tracker

CVE 2013-2071

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Related bugs and status

CVE-2013-2071 (Candidate) is related to these bugs:

Bug #1073159: Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and tomcat-native] to fix serious CVE reports

Summary				In	Importance	Status
	1073159	Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and tomcat-native] to fix serious CVE reports		Precise Backports	Undecided	Won't Fix
	1073159	Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and tomcat-native] to fix serious CVE reports		tomcat7 (Ubuntu)	High	Won't Fix

Bug #1178645: tomcat7 needs update to 7.0.40

		In	Importance	Status
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu)	Undecided	Fix Released
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Precise)	Undecided	Won't Fix
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Quantal)	Undecided	Fix Released
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Raring)	Undecided	Fix Released
1178645	tomcat7 needs update to 7.0.40	tomcat7 (Ubuntu Saucy)	Undecided	Fix Released

Bug #1197151: Please sync package tomcat7 (7.0.35-1~exp2ubuntu1) from Raring Dist to Precise Dist

Summary				In	Importance	Status
	1197151	Please sync package tomcat7 (7.0.35-1~exp2ubuntu1) from Raring Dist to Precise Dist		Ubuntu	Undecided	Invalid

Bug #1290819: Update the 7.x trunk for 12.04LTS

Summary				In	Importance	Status
	1290819	Update the 7.x trunk for 12.04LTS		tomcat7 (Ubuntu)	High	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2071

References