Lucene search
RootSSV:60498HistoryDec 07, 2012 - 12:00 a.m.
Apache Tomcat FORM身份验证安全绕过漏洞
2012-12-0700:00:00
Root
www.seebug.org
41
0.003 Low
EPSS
Percentile
65.6%
BUGTRAQ ID: 56812
CVE(CAN) ID: CVE-2012-3546
Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
Tomcat v7.0.30、6.0.36之前版本在FORM身份验证的实现上存在安全漏洞。在使用FORM验证时,若其他组件(如Single-Sign-On)在调用FormAuthenticator#authenticate()之前调用了request.setUserPrincipal(),则攻击者可以通过在URL结尾添加"/j_security_check"以绕过FORM验证
0
Apache Group Tomcat 7.0.0 - 7.0.29
Apache Group Tomcat 6.0.0 - 6.0.35
厂商补丁:
Apache Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载7.0.30和6.0.36或更高版本。
参考链接:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
Related
redhat
redhat
(RHSA-2013:0157) Important: tomcat6 security update
2013-01-14 00:00:00
(RHSA-2013:0163) Important: jbossweb security update
2013-01-15 00:00:00
(RHSA-2013:0005) Important: tomcat6 security update
2013-01-03 22:47:24
nessus
nessus
RHEL 5 / 6 : jbossweb (RHSA-2013:0164)
2013-01-24 00:00:00
RHEL 5 : jbossas (RHSA-2013:0147)
2013-01-24 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2013:0158)
2014-11-08 00:00:00
prion
prion
Authentication flaw
2012-12-19 11:55:00
veracode
veracode
Authentication Bypass When FORM Authentication Is Used
2019-01-15 08:52:32
Privilege Escalation
2019-05-02 04:46:48
Information Disclosure
2019-05-02 04:46:22
securityvulns
securityvulns
CVE-2012-3546 Apache Tomcat Bypass of security constraints
2012-12-07 00:00:00
Apache Tomcat multiple security vulnerabilities
2012-12-07 00:00:00
ubuntucve
ubuntucve
CVE-2012-3546
2012-12-19 00:00:00
github
github
Authentication Bypass in Apache Tomcat
2022-05-17 00:59:04
freebsd
freebsd
tomcat -- bypass of security constraints
2012-12-04 00:00:00
debiancve
debiancve
CVE-2012-3546
2012-12-19 11:55:00
osv
osv
Authentication Bypass in Apache Tomcat
2022-05-17 00:59:04
tomcat6 - several
2013-07-18 00:00:00
cve
cve
CVE-2012-3546
2012-12-19 11:55:00
thn
thn
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 06:45:00
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 17:45:00
atlassian
atlassian
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
openvas
openvas
Ubuntu: Security Advisory (USN-1685-1)
2013-01-15 00:00:00
Apache Tomcat 7.0.x < 7.0.29 Multiple Vulnerabilities - Linux
2021-10-29 00:00:00
Ubuntu Update for tomcat7 USN-1685-1
2013-01-15 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2013-01-14 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.30
2012-09-06 00:00:00
Fixed in Apache Tomcat 6.0.36
2012-10-19 00:00:00
centos
centos
tomcat5 security update
2013-03-12 19:14:34
tomcat6 security update
2013-03-12 05:31:44
oraclelinux
oraclelinux
tomcat5 security update
2013-03-12 00:00:00
tomcat6 security update
2013-03-11 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16
2012-12-19 08:29:53
f5
f5
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00
debian
debian
[SECURITY] [DSA 2725-1] tomcat6 security update
2013-07-18 17:58:50
vmware
vmware
VMware security updates for vCenter Server
2013-04-25 00:00:00
VMware security updates for vCenter Server
2013-04-25 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
