The Hacker News | THN:523B1918A8FF34F0AEA29BC9BA1A87F7
Dec 05, 2012 - 5:45 p.m.

Apache Tomcat Multiple Critical Vulnerabilities

2012-12-05 17:45:00, The Hacker News, thehackernews.com

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.924 High
Percentile: 98.5%

Several critical vulnerabilities have been reported in Apache Tomcat that can be exploited by malicious people to bypass certain security restrictions and cause a denial of service (DoS). These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x.


According to CVE-2012-4431, the CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.
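
The failure mode described for CVE-2012-4431 can be illustrated with a simplified model, added here as an example; it is not Tomcat's filter code, and the class, method names and sample session/nonce values are constructed. It contrasts a check that validates the nonce only when a session exists with one that rejects a request whose session or nonce is missing.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/** Simplified model of a session-bound CSRF nonce check (not Tomcat's source). */
public class CsrfNonceCheckDemo {
    // Constructed server-side state: session id -> nonces issued to that session.
    static final Map<String, Set<String>> SESSIONS = new HashMap<>();

    /** Minimal stand-in for an HTTP request; either field may be null. */
    static final class Request {
        final String sessionId;
        final String nonce;
        Request(String sessionId, String nonce) { this.sessionId = sessionId; this.nonce = nonce; }
    }

    /** Fail-open: validation only happens when a session (and its nonce cache) exists. */
    static boolean allowFailOpen(Request r) {
        Set<String> issued = r.sessionId == null ? null : SESSIONS.get(r.sessionId);
        if (issued != null && !issued.contains(r.nonce)) {
            return false;              // the only rejecting path
        }
        return true;                   // no session: nothing is checked, request passes
    }

    /** Fail-closed: a missing session, nonce cache or nonce is itself a reason to reject. */
    static boolean allowFailClosed(Request r) {
        Set<String> issued = r.sessionId == null ? null : SESSIONS.get(r.sessionId);
        return issued != null && r.nonce != null && issued.contains(r.nonce);
    }

    public static void main(String[] args) {
        Set<String> nonces = new HashSet<>();
        nonces.add("n-123");                       // constructed nonce value
        SESSIONS.put("sess-A", nonces);            // constructed session id

        Request[] samples = {
            new Request("sess-A", "n-123"),        // valid session and nonce
            new Request("sess-A", "wrong"),        // valid session, wrong nonce
            new Request(null, null),               // no session identifier at all
        };
        for (Request r : samples) {
            System.out.printf("session=%s nonce=%s failOpen=%b failClosed=%b%n",
                r.sessionId, r.nonce, allowFailOpen(r), allowFailClosed(r));
        }
    }
}
```

A real filter also needs designated entry points that are exempt from the check so that a first request can obtain a nonce; the model leaves that part out.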

CVE-2012-4534 is a DoS issue. DoS includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

CVE-2012-3546, meanwhile, is an issue where malicious users can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.

If you are affected, please update Tomcat to a fixed version, i.e.:

  • Tomcat 7.x: Update to version 7.0.32.
  • Tomcat 6.x: Update to version 6.0.36.
