Description
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery 'swfupload.swf' Cross-Site Scripting (1.9.7)
MySQL CVE-2021-2154 Vulnerability (CVE-2021-2154)
WordPress Plugin Advanced Custom Fields PRO Arbitrary File Upload (5.12.2)
WordPress Plugin Csv Import-Export Multiple Cross-Site Scripting Vulnerabilities (1.1.0)