exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2013-2071

Status Candidate

Overview

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.

Related Files

Gentoo Linux Security Advisory 201412-29
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | 812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e
Debian Security Advisory 2897-1
Posted Apr 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2897-1 - Multiple security issues were found in the Tomcat servlet and JSP engine.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
SHA-256 | 2b66a4a8295291756dace91cbeeb0f72ed10e5069d62d5a8388c8a95212581eb
HP Security Bulletin HPSBMU02966
Posted Feb 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02966 - A potential security vulnerability has been identified with HP Operations Orchestration. The vulnerability could be exploited to gain unauthorized access to information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2013-2071
SHA-256 | 32d365b078cb65bcb4beceeac0ade27c68c83a77127c990b36aeb5f30104c0ba
Red Hat Security Advisory 2013-1013-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1013-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-3544, CVE-2012-4558, CVE-2013-0166, CVE-2013-0169, CVE-2013-2067, CVE-2013-2071
SHA-256 | 4d8adaa9bcaef993e656ec1d999154261c28702c77c144918b0a2f0f34812afd
Red Hat Security Advisory 2013-1011-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1011-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-3544, CVE-2012-4558, CVE-2013-2067, CVE-2013-2071
SHA-256 | cadd38f37fb1b46b32962ed1bb5969dfd435931e8d2d4a4d9dff2d5e6173a51c
Red Hat Security Advisory 2013-1012-01
Posted Jul 3, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1012-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-3499, CVE-2012-3544, CVE-2012-4558, CVE-2013-2067, CVE-2013-2071
SHA-256 | 35427631191e8b8a15c2ccf348534c44c88f0f64d52cc8050a784c8592125f6c
Ubuntu Security Notice USN-1841-1
Posted May 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1841-1 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3544, CVE-2013-2067, CVE-2013-2071, CVE-2012-3544, CVE-2013-2067, CVE-2013-2071
SHA-256 | b002a0a0604129aab3c01f6d632495573ac355189b6d1b38e345b90d003d572a
Apache Tomcat 7.0.39 AsyncListener RuntimeException
Posted May 10, 2013
Authored by Mark Thomas | Site tomcat.apache.org

There was a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but fairly likely to happen unexpectedly if an application used AsyncListeners that threw RuntimeExceptions. The issue was fixed by catching the RuntimeExceptions. Apache Tomcat versions 7.0.0 through 7.0.39 are affected.

tags | advisory
advisories | CVE-2013-2071
SHA-256 | cde648eb3c646ccc296e6a2d348bb89e68c2c0471e19b83178341c84734cf58f
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close