Parent Directory
|
Revision Log
MGASA-2013-0191
1 | type: security |
2 | subject: Updated tomcat7 packages fix CVE-2013-2071 |
3 | CVE: |
4 | - CVE-2013-2071 |
5 | src: |
6 | 2: |
7 | core: |
8 | - tomcat-7.0.41-3.mga2 |
9 | 3: |
10 | core: |
11 | - tomcat-7.0.41-4.mga3 |
12 | description: | |
13 | java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x |
14 | before 7.0.40 does not properly handle the throwing of a RuntimeException |
15 | in an AsyncListener in an application, which allows context-dependent |
16 | attackers to obtain sensitive request information intended for other |
17 | applications in opportunistic circumstances via an application that records |
18 | the requests that it processes (CVE-2013-2071). |
19 | references: |
20 | - http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.40 |
21 | - http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105886.html |
22 | - https://bugs.mageia.org/show_bug.cgi?id=10200 |
23 | ID: MGASA-2013-0191 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |