~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2013-05-10
Candidate: CVE-2013-2071
PublicDate: 2013-06-01
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071
 http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1CC.6070909@apache.org%3E
 http://tomcat.apache.org/security-7.html
 http://www.ubuntu.com/usn/usn-1841-1
Description:
 java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x
 before 7.0.40 does not properly handle the throwing of a RuntimeException
 in an AsyncListener in an application, which allows context-dependent
 attackers to obtain sensitive request information intended for other
 applications in opportunistic circumstances via an application that records
 the requests that it processes.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1178645
 https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707704
Priority: medium
Discovered-by:
Assigned-to:

Patches_tomcat7:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1471372
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1475792 (related)
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1408937 (backporting)
upstream_tomcat7: released (7.0.40)
lucid_tomcat7: DNE
precise_tomcat7: ignored (reached end-of-life)
precise/esm_tomcat7: DNE (precise was needed)
quantal_tomcat7: released (7.0.30-0ubuntu1.2)
raring_tomcat7: released (7.0.35-1~exp2ubuntu1.1)
saucy_tomcat7: not-affected (7.0.40-1)
trusty_tomcat7: not-affected (7.0.40-1)
utopic_tomcat7: not-affected (7.0.40-1)
vivid_tomcat7: not-affected (7.0.40-1)
vivid/stable-phone-overlay_tomcat7: DNE
vivid/ubuntu-core_tomcat7: DNE
wily_tomcat7: not-affected (7.0.40-1)
xenial_tomcat7: not-affected (7.0.40-1)
yakkety_tomcat7: not-affected (7.0.40-1)
zesty_tomcat7: not-affected (7.0.40-1)
devel_tomcat7: not-affected (7.0.40-1)

Patches_tomcat6:
upstream_tomcat6: not-affected
lucid_tomcat6: not-affected
precise_tomcat6: not-affected
precise/esm_tomcat6: not-affected
quantal_tomcat6: not-affected
raring_tomcat6: not-affected
saucy_tomcat6: not-affected
trusty_tomcat6: not-affected
utopic_tomcat6: not-affected
vivid_tomcat6: not-affected
vivid/stable-phone-overlay_tomcat6: DNE
vivid/ubuntu-core_tomcat6: DNE
wily_tomcat6: not-affected
xenial_tomcat6: not-affected
yakkety_tomcat6: DNE
zesty_tomcat6: DNE
devel_tomcat6: DNE