SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Apache Tomcat Vendors:   Apache Software Foundation
Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
SecurityTracker Alert ID:  1027833
SecurityTracker URL:  http://securitytracker.com/id/1027833
CVE Reference:   CVE-2012-3546
Date:  Dec 4 2012
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.29
Description:   A vulnerability was reported in Apache Tomcat. A remote user can bypass security constraints.

A remote user can send a specially crafted FORM authentication request to bypass the security constraint checks.

The Tomcat security team reported this vulnerability.

Impact:   A remote user can bypass security constraints.
Solution:   The vendor has issued a fix (6.0.36, 7.0.30).

The vendor's advisory is available at:

http://tomcat.apache.org/security-7.html

Vendor URL:  tomcat.apache.org/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 14 2012 (Oracle Issues Fix for Oracle Health Sciences LabPas) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Oracle has issued a fix for Oracle Health Sciences LabPas.
Jan 4 2013 (Red Hat Issues Fix) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Jan 4 2013 (Red Hat Issues Fix for JBoss) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for JBoss Enterprise Web Server.
Jan 10 2013 (Red Hat Issues Fix) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for JBoss Enterprise Portal Platform 4.3.
Jan 15 2013 (Red Hat Issues Fix for JBoss) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for JBoss Enterprise SOA Platform.
Jan 15 2013 (Red Hat Issues Fix for JBoss) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for JBoss Enterprise Application Platform 6.0.1.
Jan 15 2013 (Red Hat Issues Fix for JBoss) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for JBoss for Red Hat Enterprise Linux 5 and 6.
Jan 15 2013 (Red Hat Issues Fix for JBoss) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for JBoss Enterprise Web Server 1.0.2.
Jan 16 2013 (Red Hat Issues Fix for JBoss) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.
Feb 20 2013 (Oracle Issues Fix for Solaris) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Oracle has issued a fix for Solaris 11.1.
Apr 3 2014 (Oracle Issues Fix for Solaris) Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
Oracle has issued a fix for Solaris 9, 10, and 11.1.



 Source Message Contents

Subject:  [Full-disclosure] CVE-2012-3546 Apache Tomcat Bypass of security constraints


CVE-2012-3546 Apache Tomcat Bypass of security constraints

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.29
- Tomcat 6.0.0 to 6.0.35
Earlier unsupported versions may also be affected

Description:
When using FORM authentication it was possible to bypass the security
constraint checks in the FORM authenticator by appending
"/j_security_check" to the end of the URL if some other component (such
as the Single-Sign-On valve) had called request.setUserPrincipal()
before the call to FormAuthenticator#authenticate().

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Tomcat 7.0.x users should upgrade to 7.0.30 or later
- Tomcat 6.0.x users should upgrade to 6.0.36 or later

Credit:
This issue was identified by The Tomcat security team

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
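The advisory above says the bypass works by appending "/j_security_check" to a URL that is not the normal form-login target. The following is an added detection example, not code from the advisory or from the Tomcat project: it scans Tomcat access-log lines (constructed sample data in common log format) and flags requests whose path ends in "/j_security_check" but whose prefix is not one of the assumed FORM-authenticated context paths, which is where a legitimate login POST would go.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (common log format); not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Dec/2012:10:00:01 +0000] "POST /app/j_security_check HTTP/1.1" 302 0
10.0.0.7 - - [04/Dec/2012:10:00:09 +0000] "GET /app/admin/report.jsp/j_security_check HTTP/1.1" 200 5120
10.0.0.9 - - [04/Dec/2012:10:00:12 +0000] "GET /app/admin/report.jsp HTTP/1.1" 302 0
10.0.0.7 - - [04/Dec/2012:10:00:20 +0000] "GET /shop/cart/j_security_check HTTP/1.1" 200 900
"""

# Assumed context paths of the FORM-authenticated web applications on this host.
# Use "/" here for the ROOT context, whose login target is simply /j_security_check.
CONTEXT_PATHS = {"/app", "/shop"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def is_suspicious_target(target: str, context_paths=CONTEXT_PATHS) -> bool:
    """True when /j_security_check is appended to something other than a context root."""
    path = urlsplit(target).path          # drop any query string before matching
    if not path.endswith("/j_security_check"):
        return False
    prefix = path[: -len("/j_security_check")]
    # A legitimate form-login submission is exactly <context>/j_security_check;
    # anything deeper (a protected resource plus the suffix) matches the advisory's pattern.
    return (prefix or "/") not in context_paths


def find_suspicious(log_text: str, context_paths=CONTEXT_PATHS):
    """Return (ip, method, target, status) for each suspicious request in the log text."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious_target(m["target"], context_paths):
            hits.append((m["ip"], m["method"], m["target"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, method, target, status in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {method} {target} -> {status}")
```

A 200 on a flagged request to a resource that would otherwise redirect to the login page is the strongest signal; on a patched version (7.0.30 / 6.0.36 or later) such requests should no longer return the protected content.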

Copyright 2019, SecurityGlobal.net LLC