GHSA-3P5R-7CW3-2M67 Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

Cross site request forgery (csrf)

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

CVE-2013-2071

java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other application...

CVE-2013-2071

CVE-2013-2071 affects Apache Tomcat 7.x prior to 7.0.40, where AsyncContextImpl.java may mishandle a RuntimeException thrown from an AsyncListener, potentially exposing elements of a previous request to a current one when a request is recorded by an application. The vulnerability is rooted in the...