Description

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Remediation

References

CVE-2012-3546

Related Vulnerabilities

PHP Numeric Errors Vulnerability (CVE-2007-1001)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7927)

WordPress Plugin WordPress Photo Gallery-Image Gallery Cross-Site Request Forgery (1.0.6)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2005-4838)

Java Unspesificed Vulnerability (CVE-2019-2766)

Severity

Medium

Classification

CVE-2012-3546 CWE-264

Tags

Missing Update Known Vulnerabilities