Information Security


Multiple security vulnerabilities in Apache Tomcat
Published: December 7, 2012
Source:
SecurityVulns ID: 12747
Type: remote
Severity level: 5/10
Description: Protection bypass, DoS.
Affected products: APACHE : Tomcat 6.0
 APACHE : Tomcat 7.0
CVE: CVE-2012-4534 (org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.)
 CVE-2012-4431 (org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.)
 CVE-2012-3546 (org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.)
Original text: APACHE, CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter (07.12.2012)
 APACHE, CVE-2012-3546 Apache Tomcat Bypass of security constraints (07.12.2012)
 APACHE, CVE-2012-4534 Apache Tomcat denial of service (07.12.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod