V-040: Apache Tomcat Bug Lets Remote Users Bypass Security Constraints

December 5, 2012 - 1:00am

PROBLEM:

Apache Tomcat Bug Lets Remote Users Bypass Security Constraints

PLATFORM:

Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.29

ABSTRACT:

A vulnerability was reported in Apache Tomcat.

REFERENCE LINKS:

Apache Tomcat
Red Hat Bugzilla – Bug 883634
SecurityTracker Alert ID: 1027833
CVE-2012-3546

IMPACT ASSESSMENT:

High

DISCUSSION:

When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().
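The first thing an operator needs from this advisory is a reliable answer to "is this instance in the affected range?" The check below is an added example, not code from the advisory or from the Apache Tomcat project. It parses a version triple out of a bare version string, a Server header banner ("Apache Tomcat/7.0.29"), or the "Server version:" line printed by catalina.sh version, and compares it against the two affected ranges stated above (6.0.0 - 6.0.35 and 7.0.0 - 7.0.29, fixed in 6.0.36 and 7.0.30). Branches the advisory does not name are reported as unknown rather than guessed. The inventory lines and host names are constructed sample input.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as the advisory lists them (inclusive bounds).
# Fixed releases are 6.0.36 and 7.0.30. Any branch not listed here is
# outside what this advisory covers and is reported as "unknown".
AFFECTED_RANGES: Dict[Tuple[int, int], Tuple[Version, Version]] = {
    (6, 0): ((6, 0, 0), (6, 0, 35)),
    (7, 0): ((7, 0, 0), (7, 0, 29)),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Extract major.minor.patch from strings such as '7.0.29',
    'Apache Tomcat/7.0.29' (Server header) or
    'Server version: Apache Tomcat/6.0.35' (catalina.sh version output).
    Returns None when no version triple is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> Optional[bool]:
    """True if the version falls inside an affected range, False if it is
    on a covered branch but outside the range (i.e. fixed), None if the
    version cannot be parsed or the branch is not covered by the advisory."""
    v = parse_version(text)
    if v is None:
        return None
    bounds = AFFECTED_RANGES.get((v[0], v[1]))
    if bounds is None:
        return None
    low, high = bounds
    return low <= v <= high


def scan_inventory(lines: Iterable[str]) -> Dict[str, str]:
    """Classify constructed inventory lines of the form 'host<TAB>banner'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    report: Dict[str, str] = {}
    for line in lines:
        host, _, banner = line.strip().partition("\t")
        if not host:
            continue
        report[host] = labels[is_affected(banner)]
    return report


# Constructed sample inventory (host names and banners are made up).
SAMPLE_INVENTORY = [
    "app-01\tApache Tomcat/7.0.29",
    "app-02\tServer version: Apache Tomcat/7.0.30",
    "app-03\tApache Tomcat/6.0.35",
    "app-04\t6.0.36",
    "app-05\tApache Tomcat/5.5.36",
    "app-06\tApache-Coyote/1.1",
]

if __name__ == "__main__":
    for host, status in scan_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The Server header is often suppressed or rewritten on hardened deployments, so feed this the output of catalina.sh version (or the version string from the installed catalina.jar) rather than trusting a banner; "unknown" results should be resolved by hand, not treated as clean.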

IMPACT:

A remote user can bypass security constraints.

SOLUTION:

The vendor has issued a fix (6.0.36, 7.0.30).