SecurityTracker.com
SecurityTracker Archives

Category:   Application (Web Server/CGI)  >   Apache Tomcat
Vendors:   Apache Software Foundation
Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
SecurityTracker Alert ID:  1027834
SecurityTracker URL:  http://securitytracker.com/id/1027834
CVE Reference:   CVE-2012-4431
Date:  Dec 4 2012
Impact:   Modification of user information (a remote attacker can have a victim's browser submit state-changing requests that the CSRF prevention filter should have rejected; the bug does not by itself give code execution on the server)
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.31
Description:   A vulnerability was reported in Apache Tomcat. A remote user can bypass the cross-site request forgery filter.

A remote user can submit a specially crafted request without a session identifier to bypass the cross-site request forgery (CSRF) prevention filter. The filter validates each protected request by comparing the nonce submitted with the request against the nonces stored in the user's session. In the affected versions that comparison was only performed when the session already held a nonce; a request that carried no session identifier (for Tomcat, no JSESSIONID cookie) had nothing to compare against, and the filter let the request through instead of rejecting it.

The Tomcat security team reported this vulnerability.

Impact:   A remote user can bypass the cross-site request forgery filter.
Solution:   The vendor has issued a fix (6.0.36, 7.0.32).

The vendor's advisories are available at:

http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html

Vendor URL:  tomcat.apache.org/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 14 2012 (Oracle Issues Fix for Oracle Health Sciences LabPas) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
Oracle has issued a fix for Oracle Health Sciences LabPas.
Feb 20 2013 (Red Hat Issues Fix) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
Red Hat has issued a fix for JBoss Enterprise Web Server.
Feb 20 2013 (Red Hat Issues Fix) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
Red Hat has issued a fix for tomcat7 for JBoss Enterprise Web Server for Red Hat Enterprise Linux 5 and 6.
Feb 20 2013 (Red Hat Issues Fix) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
Red Hat has issued a fix for Tomcat 7 for JBoss Enterprise Web Server.
Feb 20 2013 (Red Hat Issues Fix) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
Red Hat has issued a fix for JBoss Enterprise Web Server for Red Hat Enterprise Linux 5 and 6.
Feb 20 2013 (Oracle Issues Fix for Solaris) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
Oracle has issued a fix for Solaris 11.1.
Apr 30 2013 (HP Issues Fix for HP Service Manager) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
HP has issued a fix for HP Service Manager.
Apr 3 2014 (Oracle Issues Fix for Solaris) Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
Oracle has issued a fix for Solaris 9, 10, and 11.1.



 Source Message Contents

Subject:  [Full-disclosure] CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.31
- Tomcat 6.0.0 to 6.0.35

Description:
The CSRF prevention filter could be bypassed if a request was made to a
protected resource without a session identifier present in the request.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Tomcat 7.0.x users should upgrade to 7.0.32 or later
- Tomcat 6.0.x users should upgrade to 6.0.36 or later

Credit:
This issue was identified by The Tomcat security team

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQvlNvAAoJEBDAHFovYFnnY80QAMvP1gIpG00vfIdiFabpJX55
UEmkPuTSefxZ6NMvAL8GkuUe8CoC6KinCgOx+s8eGlEiHtWFoYvM/Ckg8E3a8SY6
MfD8GLo2av/LdULGSCBrbaL2wFbgixPTBpgR9YS4bdpTK5nVqBZyZOjOzptqRDnE
BQXDLLKa65/z7cF57l+XcLs1+JW3KJGRiGJzBNUrJK1x/AzfgRgk4jgvYdyDWdpI
zuXKgwBbunblPL4sZhZA2mhoswBIMIJIaHXOAD28Ddt9IIae0UFptY6LmExOkSsa
PtshA4EBlO8JTPPcfwtqA/bkHAWCzB1QshkYD57rLF3t1ouDQWI6j8l+q3AYIxzv
a0Ix4qzE2hekcjGSCUMZUqNgcaGSjsggaOEo5zauM01osPQxbfpH41eH5fIWlMKi
vrxRjYJwLyLdkj3bZFuP7Uq1GL4BLjeKDfqsL4aqcfdBPZea6C9rToEkB8EjD4vf
DVdrX4Ivg3ImMMnL+gkX4+5aLp+jpw23G9gZbX1DJn+648iv3yFoK5ysOWy1GAAO
x1Iq3pa49NigJ0ipjZvxc07THIoiK/t49/3fWzMR1Xm819oJC2/Qf512l/FpEltK
kQ0y8BC4+7ypUZyhtwE3jzLW1x2j4ZBK8l1nX0X92WepJ6piro/7o80qiyDMfqPC
hbmBu213eSXnV9kRHveI
=jich
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
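The bypass described in the Description above and in the advisory text of the source message, as an added model that is not Tomcat's CsrfPreventionFilter source (it is written in Python rather than Java so it runs stand-alone). The filter keeps recently issued nonces in the user's session and compares the nonce submitted with each protected request against them; in the affected versions the comparison only ran when the session already held a nonce cache, so a request carrying no session identifier (in Tomcat, no JSESSIONID cookie, which yields a fresh, empty session) was never checked. The fail-open and fail-closed variants are run side by side over constructed requests. The parameter and attribute names, the cache size and the entry-point path are assumptions chosen for illustration, not the filter's real configuration.

```python
import hmac
import secrets
from collections import OrderedDict
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical stand-ins for the filter's configuration, not Tomcat's constants.
NONCE_PARAM = "csrf_nonce"             # request parameter carrying the nonce
NONCE_CACHE_ATTR = "csrf_nonce_cache"  # session attribute holding recently issued nonces
NONCE_CACHE_SIZE = 5                   # bound on nonces remembered per session
ENTRY_POINTS = {"/app/index"}          # GET landing pages reachable without a nonce


class Session:
    """Minimal server-side session: a bag of attributes keyed by name."""

    def __init__(self) -> None:
        self.attributes: dict = {}


@dataclass
class Request:
    method: str
    path: str
    params: dict = field(default_factory=dict)
    session: Optional[Session] = None  # None models a request with no session identifier


def nonce_cache(session: Session) -> "OrderedDict[str, None]":
    """Return (creating if needed) the bounded cache of nonces issued to this session."""
    cache = session.attributes.get(NONCE_CACHE_ATTR)
    if cache is None:
        cache = OrderedDict()
        session.attributes[NONCE_CACHE_ATTR] = cache
    return cache


def issue_nonce(session: Session) -> str:
    """Generate a fresh nonce, remember it in the session, evict the oldest beyond the cap."""
    nonce = secrets.token_hex(16)
    cache = nonce_cache(session)
    cache[nonce] = None
    while len(cache) > NONCE_CACHE_SIZE:
        cache.popitem(last=False)
    return nonce


def _nonce_known(cache: "OrderedDict[str, None]", submitted: Optional[str]) -> bool:
    """Constant-time membership test so the comparison does not leak via timing."""
    if submitted is None:
        return False
    return any(hmac.compare_digest(n.encode(), submitted.encode()) for n in cache)


def _exempt(req: Request) -> bool:
    return req.method == "GET" and req.path in ENTRY_POINTS


def check_vulnerable(req: Request) -> int:
    """Fail-open variant (affected behaviour): the comparison only runs when the
    session already holds a nonce cache, so a request without a session is never checked."""
    if _exempt(req):
        return 200
    cache = req.session.attributes.get(NONCE_CACHE_ATTR) if req.session else None
    submitted = req.params.get(NONCE_PARAM)
    if cache is not None and not _nonce_known(cache, submitted):
        return 403
    return 200


def check_fixed(req: Request) -> int:
    """Fail-closed variant (corrected behaviour): no session, no cache, no submitted
    nonce, or an unknown nonce all reject the protected request."""
    if _exempt(req):
        return 200
    cache = req.session.attributes.get(NONCE_CACHE_ATTR) if req.session else None
    submitted = req.params.get(NONCE_PARAM)
    if cache is None or submitted is None or not _nonce_known(cache, submitted):
        return 403
    return 200


def run_scenarios() -> dict:
    """Run constructed requests through both variants; returns {name: (vulnerable, fixed)}."""
    sess = Session()
    nonce = issue_nonce(sess)
    cases = {
        "session_with_valid_nonce": Request("POST", "/app/transfer", {NONCE_PARAM: nonce}, sess),
        "session_with_wrong_nonce": Request("POST", "/app/transfer", {NONCE_PARAM: "0" * 32}, sess),
        "session_without_nonce": Request("POST", "/app/transfer", {}, sess),
        # The CVE-2012-4431 shape: a forged POST carrying no session identifier.
        "no_session_no_nonce": Request("POST", "/app/transfer", {}, None),
        "no_session_garbage_nonce": Request("POST", "/app/transfer", {NONCE_PARAM: "x"}, None),
        "entry_point_get": Request("GET", "/app/index", {}, None),
    }
    return {name: (check_vulnerable(r), check_fixed(r)) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (vuln, fixed) in run_scenarios().items():
        print(f"{name:26s} vulnerable={vuln} fixed={fixed}")
```

The deployment check that follows from this model: send a POST to a resource behind the filter with no JSESSIONID cookie and no nonce parameter. A build at 6.0.36 / 7.0.32 or later answers 403; an affected build serves the resource as if the nonce had been valid.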

Copyright 2020, SecurityGlobal.net LLC