{ "schema_version": "1.7.0", "id": "MGASA-2013-0191", "published": "2013-07-01T19:08:10Z", "modified": "2013-07-01T19:07:53Z", "summary": "Updated tomcat7 packages fix CVE-2013-2071", "details": "java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x\nbefore 7.0.40 does not properly handle the throwing of a RuntimeException\nin an AsyncListener in an application, which allows context-dependent\nattackers to obtain sensitive request information intended for other\napplications in opportunistic circumstances via an application that records\nthe requests that it processes (CVE-2013-2071).\n", "upstream": [ "CVE-2013-2071" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0191.html" }, { "type": "WEB", "url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.40" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=10200" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "tomcat", "purl": "pkg:rpm/mageia/tomcat?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "7.0.41-3.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "tomcat", "purl": "pkg:rpm/mageia/tomcat?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "7.0.41-4.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }