PROBLEM:
Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
PLATFORM:
Version(s): 6.0.0 - 6.0.35, 7.0.0 - 7.0.29
ABSTRACT:
A vulnerability was reported in Apache Tomcat.
REFERENCE LINKS:
Apache Tomcat
Red Hat Bugzilla – Bug 883634
SecurityTracker Alert ID: 1027833
CVE-2012-3546
IMPACT ASSESSMENT:
High
DISCUSSION:
When using FORM authentication, it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().
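To make the control-flow problem in the description concrete, the following is an added, simplified model of the decision a FORM authenticator makes when a request arrives. It is illustrative code written for this page, not Apache Tomcat's source; the names Request, SecurityConstraint, vulnerable_authorize and fixed_authorize, and the exact control flow, are assumptions. The vulnerable variant trusts a principal that an upstream component (the SSO valve in the advisory) already set and skips the constraint check as soon as the URI ends in /j_security_check; the corrected variant resolves the resource the URI actually names and enforces that resource's constraint regardless of the suffix.

```python
"""Simplified model of the FORM-authentication bypass described in CVE-2012-3546.

Hypothetical illustration only: the class and function names below are
assumptions for this page and are not Apache Tomcat's code.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Login-action suffix named in the advisory.
FORM_ACTION = "/j_security_check"


@dataclass
class Request:
    uri: str
    # Principal set by an upstream component (e.g. an SSO valve) before the
    # authenticator runs; None when nobody has authenticated the request.
    user_principal: Optional[str] = None
    roles: Set[str] = field(default_factory=set)


@dataclass
class SecurityConstraint:
    path_prefix: str
    allowed_roles: Set[str]


# Constructed sample constraints: /admin requires the "admin" role.
CONSTRAINTS = [SecurityConstraint("/admin", {"admin"})]


def constraint_for(uri: str, constraints: List[SecurityConstraint]):
    """Return the first constraint whose prefix covers the URI, or None."""
    for c in constraints:
        if uri.startswith(c.path_prefix):
            return c
    return None


def enforce(request: Request, constraints: List[SecurityConstraint]) -> bool:
    """Role-based constraint check for the resource the request names."""
    c = constraint_for(request.uri, constraints)
    if c is None:
        return True  # unconstrained resource
    if request.user_principal is None:
        return False  # would trigger the login form
    return bool(request.roles & c.allowed_roles)


def vulnerable_authorize(request: Request, constraints: List[SecurityConstraint]) -> bool:
    """Flawed pattern: the login-action URL must be reachable so the login
    form can POST to it, so any URI ending in /j_security_check is handed to
    the authenticator first. If a principal is already present the
    authenticator answers "already authenticated" and the request is let
    through without matching the constraint for the underlying resource."""
    if request.uri.endswith(FORM_ACTION):
        if request.user_principal is not None:
            return True  # bug: constraint of the real resource never checked
        return False  # no credentials yet: model this as "show login form"
    return enforce(request, constraints)


def fixed_authorize(request: Request, constraints: List[SecurityConstraint]) -> bool:
    """Hardened pattern: strip the login-action suffix, then enforce the
    constraint of the resource the URI actually names before trusting a
    principal that another component set."""
    target = request.uri
    if target.endswith(FORM_ACTION):
        target = target[: -len(FORM_ACTION)] or "/"
    resolved = Request(target, request.user_principal, request.roles)
    return enforce(resolved, constraints)


if __name__ == "__main__":
    # Constructed scenario: SSO authenticated "alice" (role "user" only) and
    # she requests a protected admin path with /j_security_check appended.
    sso_request = Request("/admin/j_security_check", "alice", {"user"})
    print("vulnerable:", vulnerable_authorize(sso_request, CONSTRAINTS))  # True (bypass)
    print("fixed:     ", fixed_authorize(sso_request, CONSTRAINTS))       # False
```

The model also shows why the bug is invisible to a direct request: asking for /admin without the suffix is denied by both variants, so a test suite that never exercises the login-action URL with an already-authenticated principal would not catch the regression.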
IMPACT:
A remote user can bypass security constraints.
SOLUTION:
The vendor has issued a fix (6.0.36, 7.0.30).