CVE-2012-3546

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Published Bysecalert@redhat.com

Published DateDec 19, 2012, 11:55

Affected Versions(2)

org.apache.tomcat:tomcat(Maven)

Introduced6.0.0

Fixed6.0.36

LimitN/A

org.apache.tomcat:tomcat(Maven)

Introduced7.0.0

Fixed7.0.30

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.tomcat:tomcat(Maven)	6.0.0	6.0.36	N/A
org.apache.tomcat:tomcat(Maven)	7.0.0	7.0.30	N/A

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

4.3

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

4.3

Vector String

AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE