Description

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Remediation

References

CVE-2012-3546

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13688)

WordPress Plugin yURL ReTwitt Cross-Site Request Forgery (1.4)

Oracle Database Server CVE-2010-3600 Vulnerability (CVE-2010-3600)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21340)

ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10400)

Severity

Medium

Classification

CVE-2012-3546 CWE-264

Tags

Missing Update Known Vulnerabilities