Lucene search

[email protected]NVD:CVE-2012-3546

HistoryDec 19, 2012 - 11:55 a.m.

CVE-2012-3546

2012-12-1911:55:54

CWE-264

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Affected configurations

NVD

Node

apachetomcatMatch6.0

apachetomcatMatch6.0.0

apachetomcatMatch6.0.0alpha

apachetomcatMatch6.0.1

apachetomcatMatch6.0.1alpha

apachetomcatMatch6.0.2

apachetomcatMatch6.0.2alpha

apachetomcatMatch6.0.2beta

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.7

apachetomcatMatch6.0.8

apachetomcatMatch6.0.9

apachetomcatMatch6.0.9beta

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

apachetomcatMatch6.0.33

apachetomcatMatch6.0.35

Node

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.2beta

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.4beta

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

apachetomcatMatch7.0.22

apachetomcatMatch7.0.23

apachetomcatMatch7.0.25

apachetomcatMatch7.0.28

References

archives.neohapsis.com/archives/bugtraq/2012-12/0044.html

lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

marc.info/?l=bugtraq&m=136612293908376&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

rhn.redhat.com/errata/RHSA-2013-0004.html

rhn.redhat.com/errata/RHSA-2013-0005.html

rhn.redhat.com/errata/RHSA-2013-0146.html

rhn.redhat.com/errata/RHSA-2013-0147.html

rhn.redhat.com/errata/RHSA-2013-0151.html

rhn.redhat.com/errata/RHSA-2013-0157.html

rhn.redhat.com/errata/RHSA-2013-0158.html

rhn.redhat.com/errata/RHSA-2013-0162.html

rhn.redhat.com/errata/RHSA-2013-0163.html

rhn.redhat.com/errata/RHSA-2013-0164.html

rhn.redhat.com/errata/RHSA-2013-0191.html

rhn.redhat.com/errata/RHSA-2013-0192.html

rhn.redhat.com/errata/RHSA-2013-0193.html

rhn.redhat.com/errata/RHSA-2013-0194.html

rhn.redhat.com/errata/RHSA-2013-0195.html

rhn.redhat.com/errata/RHSA-2013-0196.html

rhn.redhat.com/errata/RHSA-2013-0197.html

rhn.redhat.com/errata/RHSA-2013-0198.html

rhn.redhat.com/errata/RHSA-2013-0221.html

rhn.redhat.com/errata/RHSA-2013-0235.html

rhn.redhat.com/errata/RHSA-2013-0623.html

rhn.redhat.com/errata/RHSA-2013-0640.html

rhn.redhat.com/errata/RHSA-2013-0641.html

rhn.redhat.com/errata/RHSA-2013-0642.html

secunia.com/advisories/51984

secunia.com/advisories/52054

secunia.com/advisories/57126

svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892

svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892

svn.apache.org/viewvc?view=revision&revision=1377892

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.securityfocus.com/bid/56812

www.securitytracker.com/id?1027833

www.ubuntu.com/usn/USN-1685-1

h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for NVD:CVE-2012-3546

redhat22 veracode9 prion1 securityvulns4 nessus34 freebsd1 github1 ubuntucve1 cve1 osv2 cvelist1 seebug1 debiancve1 openvas22 thn2 atlassian6 tomcat2 ubuntu1 centos2 oraclelinux2 fedora1 f51 vmware2 debian1 gentoo1 ibm2