Описание
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| lucid | not-affected | |
| precise | not-affected | |
| precise/esm | not-affected | |
| quantal | not-affected | |
| raring | not-affected | |
| saucy | not-affected | |
| trusty | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 7.0.40-1 |
| esm-apps/xenial | not-affected | 7.0.40-1 |
| esm-infra-legacy/trusty | not-affected | 7.0.40-1 |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | released | 7.0.30-0ubuntu1.2 |
| raring | released | 7.0.35-1~exp2ubuntu1.1 |
| saucy | not-affected | 7.0.40-1 |
| trusty | not-affected | 7.0.40-1 |
Показывать по
2.6 Low
CVSS2
Связанные уязвимости
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7 ...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2.6 Low
CVSS2