Metric | Value |
---|---|
CVSS2 | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.705 High |
EPSS Percentile | 98.0% |
Important: Denial of service CVE-2012-2733
The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers.
This was fixed in revision 1356208.
This was reported by Josh Spiewak to the Tomcat security team on 4 June 2012 and made public on 5 November 2012.
Affects: 6.0.0-6.0.35
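The following added example is a simplified model of the ordering problem described above. It is not Tomcat's code: the class name, the 8192-byte limit, the chunked reader and the sample request are all assumptions made for illustration. It compares a size check applied only after the header block has been buffered with one applied before each chunk is stored.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class HeaderLimitDemo {
    static final int MAX_HEADER_BYTES = 8192; // assumed limit for this demo
    static int peakBuffered;                  // high-water mark of buffered header bytes

    // True once the buffer contains the blank line that ends the header block.
    static boolean headersComplete(ByteArrayOutputStream buf) {
        return new String(buf.toByteArray(), StandardCharsets.ISO_8859_1).contains("\r\n\r\n");
    }

    // Consumes chunks the way a non-blocking reader receives them.
    // enforceWhileReading=false models the late check; true models the early check.
    static boolean accept(byte[][] chunks, boolean enforceWhileReading) {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        peakBuffered = 0;
        for (byte[] chunk : chunks) {
            if (enforceWhileReading && buf.size() + chunk.length > MAX_HEADER_BYTES) {
                return false; // reject before the oversized data is buffered
            }
            buf.write(chunk, 0, chunk.length);
            peakBuffered = Math.max(peakBuffered, buf.size());
            if (headersComplete(buf)) {
                break;
            }
        }
        // Late check: only reached after everything up to the blank line is in memory.
        return buf.size() <= MAX_HEADER_BYTES;
    }

    public static void main(String[] args) {
        // Constructed input: one request whose single header value spans 64 chunks of 4 KiB.
        byte[][] chunks = new byte[66][];
        chunks[0] = "GET / HTTP/1.1\r\nX-Pad: ".getBytes(StandardCharsets.ISO_8859_1);
        for (int i = 1; i <= 64; i++) {
            chunks[i] = new byte[4096];
            Arrays.fill(chunks[i], (byte) 'A');
        }
        chunks[65] = "\r\n\r\n".getBytes(StandardCharsets.ISO_8859_1);

        boolean late = accept(chunks, false);
        System.out.println("late check:  accepted=" + late + " peakBuffered=" + peakBuffered);
        boolean early = accept(chunks, true);
        System.out.println("early check: accepted=" + early + " peakBuffered=" + peakBuffered);
    }
}
```

Both variants reject the request, but the late check does so only after holding the whole header block in memory, while the early check never buffers more than the limit.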
Moderate: DIGEST authentication weakness CVE-2012-3439
Three weaknesses in Tomcat’s implementation of DIGEST authentication were identified and resolved:
These issues reduced the security of DIGEST authentication, making replay attacks possible in some circumstances.
This was fixed in revision 1380829.
The first issue was reported by Tilmann Kuhn to the Tomcat security team on 19 July 2012. The second and third issues were discovered by the Tomcat security team during the resulting code review. All three issues were made public on 5 November 2012.
Affects: 6.0.0-6.0.35
Important: Bypass of security constraints CVE-2012-3546
When using FORM authentication, it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL, provided that some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().
This was fixed in revision 1381035.
This issue was identified by the Tomcat security team on 13 July 2012 and made public on 4 December 2012.
Affects: 6.0.0-6.0.35
Important: Bypass of CSRF prevention filter CVE-2012-4431
The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.
This was fixed in revision 1394456.
This issue was identified by the Tomcat security team on 8 September 2012 and made public on 4 December 2012.
Affects: 6.0.30-6.0.35
Important: Denial of service CVE-2012-4534
When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response, an infinite loop is entered, leading to a denial of service. This was originally reported as bug 52858.
This was fixed in revision 1372035.
The security implications of this bug were reported to the Tomcat security team by Arun Neelicattu of the Red Hat Security Response Team on 3 October 2012 and made public on 4 December 2012.
Affects: 6.0.0-6.0.35
CPE Name | Operator | Version |
---|---|---|
apache tomcat | ge | 6.0.0 |
apache tomcat | ge | 6.0.30 |
apache tomcat | le | 6.0.35 |