Apache Tomcat Information Disclosure Vulnerability (Windows) Network Vulnerability

Summary

The host is running Apache Tomcat Server and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow remote attackers to obtain potentially sensitive information. Impact Level: Application

Solution

Apply patch or upgrade Apache Tomcat to 7.0.40 or later, For updates refer to http://tomcat.apache.org ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

Insight

Flaw due to improper handling of throwing a RunTimeException in an AsyncListener in 'java/org/apache/catalina/core/AsyncContextImpl.java'.

Affected

Apache Tomcat version 7.x to 7.0.39

References

http://svn.apache.org/viewvc?view=revision&revision=1471372
http://tomcat.apache.org/security-7.html
http://xforce.iss.net/xforce/xfdb/84143

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-2071
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Hidden WWW server name
Apache Tomcat Information Disclosure Vulnerability (Windows)
F5 BIG-IP Cookie Persistence
Webserver 4D Cleartext Passwords
IIS 5 .printer ISAPI filter applied

Take action and discover your vulnerabilities