New Search

HP-UX Running Apache Remote Denial of Service (DoS) Execution of Arbitrary Code and other vulnerabilities

oval:org.mitre.oval:def:19305

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30 when FORM authentication is used allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • HP-UX 11
Class:
vulnerability
Reference(s):
  • CVE-2012-3546
Product(s):