CVE-2012-3546
Published 2012-12-19
Priority: P336 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 11.97% (95.6th percentile)
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
Affected
62 ranges (25 shown in the source listing; no version-range or fixed-in values were extracted for any row, so the identical rows are collapsed here)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |
VMware
VMware security updates for vCenter Server
vendor_vmware·2013-04-25·CVSS 7.2
CVE-2012-2337 [HIGH] VMware security updates for vCenter Server
VMSA-2013-0006: VMware security updates for vCenter Server
a. vCenter Server AD anonymous LDAP binding credential by-pass
vCenter Server, when deployed in an environment that uses Active Directory (AD) with anonymous LDAP binding enabled, doesn't properly handle login credentials. In this environment, authenticating to vCenter Server with a valid user name and a blank password may be successful even if a non-blank password is required for the account. The issue is present on vCenter Server 5.1, 5.1a and 5.1b if AD anonymous LDAP binding is enabled. The issue is addressed in vCenter Server 5.1 Update 1 by removing the possibility to authenticate using blank passwords. This change in the authentication mechanism is present regardless of whether anonymous binding is enabled.
CVEs: CVE-2012-233
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu·2013-01-14·CVSS 4.3
CVE-2012-3546 [MEDIUM] Tomcat vulnerabilities
Title: Tomcat vulnerabilities
Summary: Several security issues were fixed in Tomcat.
It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. (CVE-2012-3546)
It was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. (CVE-2012-4431)
It was discovered that Tomcat incorrectly handled sendfile and HTTPS when the NIO connector is used. A remote attacker could use this flaw to cause Tomcat to stop responding, resulti
Red Hat
Web: Bypass of security constraints
vendor_redhat·2012-12-04·CVSS 4.3
CVE-2012-3546 [MEDIUM] Web: Bypass of security constraints
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
Statement: Tomcat 5.5 has reached the end of its supported upstream life-cycle, and the Apache Tomcat project no longer tests security flaws to determine whether they affect Tomcat 5.5. Red Hat has tested tomcat 5.5 as shipped with Red Hat Enterprise Linux 5 and JBoss Enterprise Web Server 1, and found that it is affected by this flaw. Patches for tomcat 5.5 to address this flaw have been provided.
Package: jbossweb (Red Hat JBoss BRMS 5) - Affected
Package:
GHSA
Authentication Bypass in Apache Tomcat
ghsa·2022-05-17
CVE-2012-3546 [MEDIUM] CWE-287 Authentication Bypass in Apache Tomcat
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
OSV
Authentication Bypass in Apache Tomcat
osv·2022-05-17
CVE-2012-3546 [MEDIUM] Authentication Bypass in Apache Tomcat
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-3546 Tomcat/JBoss Web - Bypass of security constraints [fedora-all]
bugzilla·2012-12-05·CVSS 4.3
CVE-2012-3546 [MEDIUM] CVE-2012-3546 Tomcat/JBoss Web - Bypass of security constraints [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available.
Please note: this issue affe
Bugzilla
CVE-2012-3546 Tomcat/JBoss Web: Bypass of security constraints
bugzilla·2012-12-05·CVSS 4.3
CVE-2012-3546 [MEDIUM] CVE-2012-3546 Tomcat/JBoss Web: Bypass of security constraints
When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().
Source: Tomcat security pages. [1,2]
[1] http://tomcat.apache.org/security-6.html
[2] http://tomcat.apache.org/security-7.html
Upstream commits:
http://svn.apache.org/viewvc?view=revision&revision=1381035
http://svn.apache.org/viewvc?view=revision&revision=1377892
Discussion:
Created tomcat6 tracking bugs for this issue
Affects: fedora-all [bug 883702]
---
Created tomcat tracking bugs for this issue
Affect
Bugzilla
CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
bugzilla·2011-10-19·CVSS 5.8
CVE-2011-3546 [MEDIUM] CVE-2011-3546 Oracle/IBM JDK: unspecified vulnerability fixed in 6u29 (Deployment)
Update 29 of Oracle/Sun Java fixes an unspecified vulnerability in the Deployment component (CVE-2011-3546). Upstream has CVSSv2 scored this issue as: 5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N
Discussion:
External References:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
---
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 6
Supplementary for Red Hat Enterprise Linux 5
Extras for RHEL 4
Via RHSA-2011:1384 https://rhn.redhat.com/errata/RHSA-2011-1384.html
---
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 5
Extras for RHEL 4
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2012:
References
http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://marc.info/?l=bugtraq&m=136612293908376&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2013-0004.html
http://rhn.redhat.com/errata/RHSA-2013-0005.html
http://rhn.redhat.com/errata/RHSA-2013-0146.html
http://rhn.redhat.com/errata/RHSA-2013-0147.html
http://rhn.redhat.com/errata/RHSA-2013-0151.html
http://rhn.redhat.com/errata/RHSA-2013-0157.html
http://rhn.redhat.com/errata/RHSA-2013-0158.html
http://rhn.redhat.com/errata/RHSA-2013-0162.html
http://rhn.redhat.com/errata/RHSA-2013-0163.html
http://rhn.redhat.com/errata/RHSA-2013-0164.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://rhn.redhat.com/errata/RHSA-2013-0221.html
http://rhn.redhat.com/errata/RHSA-2013-0235.html
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://rhn.redhat.com/errata/RHSA-2013-0640.html
http://rhn.redhat.com/errata/RHSA-2013-0641.html
http://rhn.redhat.com/errata/RHSA-2013-0642.html
http://secunia.com/advisories/51984
http://secunia.com/advisories/52054
http://secunia.com/advisories/57126
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892
http://svn.apache.org/viewvc?view=revision&revision=1377892
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/56812
http://www.securitytracker.com/id?1027833
http://www.ubuntu.com/usn/USN-1685-1
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305