{"id":"MGASA-2013-0191","summary":"Updated tomcat7 packages fix CVE-2013-2071","details":"java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x\nbefore 7.0.40 does not properly handle the throwing of a RuntimeException\nin an AsyncListener in an application, which allows context-dependent\nattackers to obtain sensitive request information intended for other\napplications in opportunistic circumstances via an application that records\nthe requests that it processes (CVE-2013-2071).\n","modified":"2026-04-16T06:23:34.595503495Z","published":"2013-07-01T19:08:10Z","upstream":["CVE-2013-2071"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0191.html"},{"type":"WEB","url":"http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.40"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10200"}],"affected":[{"package":{"name":"tomcat","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/tomcat?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.41-3.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0191.json"}},{"package":{"name":"tomcat","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/tomcat?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.0.41-4.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0191.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}