Description

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Remediation

References

CVE-2012-3546

Related Vulnerabilities

WordPress Plugin Really Simple Gallery Cross-Site Scripting (1.4)

Oracle JRE CVE-2013-0450 Vulnerability (CVE-2013-0450)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-29002)

MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1010123)

Severity

Medium

Classification

CVE-2012-3546 CWE-264

Tags

Missing Update Known Vulnerabilities