JasonCantrell

[OO Tip] Tomcat 7.0.39.0. CVE-2013-2071 vulnerability

Issue:

Operations Orchestration (OO) 10.01 uses Tomcat 7.0.39.0. A vulnerability came out May 9, 2013. This link shows the details: http://tomcat.apache.org/security-7.html

Moderate: Information disclosure CVE-2013-2071

 

Bug 54178 described a scenario where elements of a previous request may be exposed to a current request. This was very difficult to exploit deliberately but likely to happen unexpectedly if an application used AsyncListeners that threw RuntimeExceptions.

 

This was fixed in Tomcat 7.0.40.

Solution:

Tomcat is upgraded in OO 10.02 to 7.0.47. Upgrading to 10.02 will correct this issue and is recommended.

Direct link to the document here:

http://support.openview.hp.com/selfsolve/document/KM00761239

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
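An added example, not part of the original post or of any HP or Apache tooling: a version check that classifies a Tomcat version string against the 7.0.40 fix named above, including the four-part form OO reports (7.0.39.0). The host names and inventory strings are constructed for illustration, and only the 7.0.x line is assessed because that is all the post covers.

```python
import re

# From the post: CVE-2013-2071 was fixed in Tomcat 7.0.40.
FIXED_IN = (7, 0, 40)


def parse_tomcat_version(text):
    """Return a tuple of ints from strings such as 'Apache Tomcat/7.0.39'
    or the four-part '7.0.39.0'; None when no dotted version is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def cve_2013_2071_status(text):
    """Classify one version string. Tuples are compared numerically, so
    7.0.100 sorts after 7.0.40 (a plain string comparison would not)."""
    version = parse_tomcat_version(text)
    if version is None:
        return "unknown"
    if version[:2] != (7, 0):
        return "not-assessed"  # the post only covers the 7.0.x line
    return "vulnerable" if version[:3] < FIXED_IN else "fixed"


# Constructed inventory: hypothetical host names and version strings.
INVENTORY = {
    "oo-central-1001": "7.0.39.0",
    "oo-central-1002": "Server version: Apache Tomcat/7.0.47",
    "app-a": "Apache Tomcat/7.0.40",
    "app-b": "7.0.100",
    "app-c": "Apache Tomcat/8.0.30",
    "app-d": "no version banner",
}


def audit(inventory):
    """Map each host to its CVE-2013-2071 status."""
    return {host: cve_2013_2071_status(s) for host, s in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host:18} {status}")
```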