Описание
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 6.0.35-6 |
| hardy | DNE | |
| lucid | released | 6.0.24-2ubuntu1.12 |
| oneiric | released | 6.0.32-5ubuntu1.4 |
| precise | released | 6.0.35-1ubuntu3.2 |
| quantal | released | 6.0.35-5ubuntu0.1 |
| raring | not-affected | 6.0.35-6 |
| upstream | released | 6.0.35-6 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 7.0.34-0ubuntu1 |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | released | 7.0.21-1ubuntu0.1 |
| precise | released | 7.0.26-1ubuntu1.2 |
| quantal | not-affected | 7.0.30-0ubuntu1 |
| raring | not-affected | 7.0.34-0ubuntu1 |
| upstream | released | 7.0.28-4 |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6 ...
4.3 Medium
CVSS2