
tomcat: multiple vulnerabilities

Package(s): tomcat
CVE #(s): CVE-2012-4534, CVE-2012-4431, CVE-2012-3546
Created: December 19, 2012
Updated: January 24, 2013
Description: From the CVE entries:

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. (CVE-2012-4534)

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. (CVE-2012-4431)

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. (CVE-2012-3546)
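The CSRF bypass (CVE-2012-4431) is a logic flaw in how a session-bound nonce check treats a request with no session. The following is an added, illustrative reconstruction of that bug class, not Tomcat's own filter code: the Session and Request classes are hypothetical stand-ins for HttpSession and HttpServletRequest, the nonce value is constructed, and configured entry points that legitimately skip the check are left out.

```java
import java.util.HashSet;
import java.util.Set;

// Added example (not Apache Tomcat code): a session-bound CSRF nonce check that treats
// "no session" as "nothing to check" lets a sessionless request through unchallenged.
public class CsrfNonceCheck {

    // Hypothetical stand-in for HttpSession: holds the nonces issued to this session.
    static final class Session {
        final Set<String> nonceCache = new HashSet<>();
    }

    // Hypothetical stand-in for HttpServletRequest.
    static final class Request {
        final Session session;   // null when the request carries no session identifier
        final String nonceParam; // CSRF nonce request parameter, or null if absent
        Request(Session session, String nonceParam) {
            this.session = session;
            this.nonceParam = nonceParam;
        }
    }

    // Vulnerable pattern: rejects only when a nonce cache exists AND the nonce is unknown.
    // With no session there is no cache, so the condition is false and the request passes.
    static boolean vulnerableAllows(Request req) {
        Set<String> nonceCache = (req.session == null) ? null : req.session.nonceCache;
        if (nonceCache != null && !nonceCache.contains(req.nonceParam)) {
            return false; // would be a 403
        }
        return true;
    }

    // Hardened pattern: missing session, missing nonce, or unknown nonce are all rejected.
    static boolean hardenedAllows(Request req) {
        Set<String> nonceCache = (req.session == null) ? null : req.session.nonceCache;
        return nonceCache != null
                && req.nonceParam != null
                && nonceCache.contains(req.nonceParam);
    }

    public static void main(String[] args) {
        Session s = new Session();
        s.nonceCache.add("abc123"); // constructed nonce, as if issued on an earlier page
        Request legit = new Request(s, "abc123");
        Request sessionless = new Request(null, null); // no session id, no nonce
        System.out.println("valid request:       vulnerable=" + vulnerableAllows(legit)
                + " hardened=" + hardenedAllows(legit));
        System.out.println("sessionless request: vulnerable=" + vulnerableAllows(sessionless)
                + " hardened=" + hardenedAllows(sessionless));
    }
}
```

In the vulnerable variant a forged request that simply omits the session cookie is accepted; the hardened variant rejects it, which is the behaviour a protected, non-entry-point URL should have.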

Alerts (distribution, advisory ID, package(s), date):
Gentoo 201412-29 tomcat 2014-12-14
Scientific Linux SL-tomc-20130312 tomcat5 2013-03-12
Oracle ELSA-2013-0640 tomcat5 2013-03-13
CentOS CESA-2013:0640 tomcat5 2013-03-12
Red Hat RHSA-2013:0640-01 tomcat5 2013-03-12
Scientific Linux SL-tomc-20130312 tomcat6 2013-03-12
Oracle ELSA-2013-0623 tomcat6 2013-03-11
CentOS CESA-2013:0623 tomcat6 2013-03-12
Red Hat RHSA-2013:0623-01 tomcat6 2013-03-11
openSUSE openSUSE-SU-2013:0192-1 libtcnative-1-0 and tomcat6 2013-01-23
openSUSE openSUSE-SU-2013:0161-1 tomcat 2013-01-23
openSUSE openSUSE-SU-2013:0170-1 tomcat 2013-01-23
Ubuntu USN-1685-1 tomcat6, tomcat7 2013-01-14
openSUSE openSUSE-SU-2013:0147-1 tomcat6 2013-01-23
Mageia MGASA-2013-0015 tomcat6 2013-01-18
openSUSE openSUSE-SU-2012:1700-1 tomcat6 2012-12-27
openSUSE openSUSE-SU-2012:1701-1 tomcat 2012-12-27
Fedora FEDORA-2012-20151 tomcat 2012-12-19



Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds