Return-Path: 
 <announce-return-1812-apmail-announce-archive=apache.org@apache.org>
X-Original-To: apmail-announce-archive@www.apache.org
Delivered-To: apmail-announce-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 9C1C8112F5
	for <apmail-announce-archive@www.apache.org>;
 Fri, 10 May 2013 10:43:06 +0000 (UTC)
Received: (qmail 28918 invoked by uid 500); 10 May 2013 10:42:26 -0000
Delivered-To: apmail-announce-archive@apache.org
Received: (qmail 27665 invoked by uid 500); 10 May 2013 10:42:18 -0000
Mailing-List: contact announce-help@apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:announce-help@apache.org>
List-Unsubscribe: <mailto:announce-unsubscribe@apache.org>
List-Post: <mailto:announce@apache.org>
List-Id: <announce.apache.org>
Delivered-To: mailing list announce@apache.org
Delivered-To: moderator for announce@apache.org
Received: (qmail 81847 invoked by uid 99); 10 May 2013 08:37:39 -0000
Message-ID: <518CB1CC.6070909@apache.org>
Date: Fri, 10 May 2013 09:37:32 +0100
From: Mark Thomas <markt@apache.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130328 Thunderbird/17.0.5
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
CC: Tomcat Developers List <dev@tomcat.apache.org>,
 announce@tomcat.apache.org, announce@apache.org,
 full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Subject: CVE-2013-2071 Request mix-up if AsyncListener method throws
 RuntimeException
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2013-2071 Request mix-up if AsyncListener method throws
              RuntimeException

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
- - Tomcat 7.0.0 to 7.0.39

Description:
Bug 54178 described a scenario where elements of a previous request may
be exposed to a current request. This was very difficult to exploit
deliberately but fairly likely to happen unexpectedly if an application
used AsyncListeners that threw RuntimeExceptions. The issue was fixed by
catching the RuntimeExceptions.

Mitigation:
Users of affected versions should apply the following mitigation:
- - Tomcat 7.0.x users should upgrade to 7.0.40 or later

Credit:
The security implications of this issue were identified by the Apache
Tomcat Security Team.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRjLHMAAoJEBDAHFovYFnnOIAP/A9HXwQgnJKYl+gXwqFkjXaq
blo70uMMUpKPJ61l/keEguxZ/iGdQC4H2osjQiG7lhoOPvrMKtewCMXDAk/j9Skd
HXuQVSge22Na16M6GUNXARziyDk/44k8RHy3cibrPZPhUNVD743N50toPK8Q6UKR
PmAANa/kB9vvD589PCQLx/i6oiS5jaAwjoSdbwshtJytXrxoHgUrRLl3P5/sPBiq
57H/pAELR4aorfSj+tJL63ySX9v4NRiB55u3hNDgZOnPz3D9sjMsmq5vSzhfyiHh
NnkYGa7+ZfnBL6DJ4eiV5z7lbMFIBa7ZzcyYEhVFCIsbnSwTL2l0a3NSkuQ0xiXS
0jQDenOuCujL1Zw5YYHhRDy2rGbFG8q/Z+ZSQ3NP0vnmQCpCfsY3mBIFCWzhmK+h
TnFKdtxA+Ev/HSGPlSK1hADiYwL/iLb6YMoyintgj2mDIxrdHhcfMq8h6GYD1rbF
vlbWSpmgN81xdU8JxEbnq6PC60OeZH5x08Sj9B3YQlB8E4Pq9B/EaEFYF9oZdYcP
+DQWcd78SBNevg+fgKdKK8CjU5JQhMWetxv6HUomS7j3LgoJQPwVrNcg0yjV1v/g
qgddQ1DOamD+KuQxh08NHfMZP08g5a+CrQ6qpe3/pr/OI0PlTN23aCXvCEGl2KlZ
Cn4w/1eoL4agb5oREL2U
=vQbB
-----END PGP SIGNATURE-----