Vulnerabilities

CVE-2012-3546

by Fred · 19/12/2012

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Date published : 2012-12-19

http://www.securityfocus.com/bid/56812

http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html

Similar

Tags: Cybersecurity Alert