CVSS: 6.8EPSS: 1%CPEs: 43EXPL: 0CVE-2013-2067 – tomcat: Session fixation in form authenticator
https://notcve.org/view.php?id=CVE-2013-2067
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. v6.0.21 hasta v6.0.36 y v7.x anteriores a v7.0.33 no maneja de forma adecuada las relaciones entre requisitos de autenticación y las sesiones, lo que permite a atacantes remotos a inyctar una petición en una sesión enviando esta petición durante el proceso de completado del formulario de login, es una variante del ataque de fijado de sesión. • http://archives.neohapsis.com/archives/bugtraq/2013-05/0041.html http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-0839.html http://rhn.redhat.com/errata/RHSA-2013-0964.html http://rhn.redhat.com/errata/RHSA-2013-1437.html http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/authenticator/FormAuthenticator.java?r1=1417891&r2=1417890&pathrev=1417891 http://svn.apach • CWE-287: Improper Authentication CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 1CVE-2012-4431 – Tomcat/JBoss Web - Bypass of CSRF prevention filter
https://notcve.org/view.php?id=CVE-2012-4431
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. org/apache/catalina/filters/CsrfPreventionFilter.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de v7.0.32 permite a atacantes remotos evitar el mecanismo de protección de CSRF a través de una petición que carece de un identificador de sesión. • https://github.com/imjdl/CVE-2012-4431 http://archives.neohapsis.com/archives/bugtraq/2012-12/0045.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http:&# • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 66EXPL: 0CVE-2012-3546 – Web: Bypass of security constraints
https://notcve.org/view.php?id=CVE-2012-3546
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. org/apache/catalina/campo/RealmBase.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de v7.0.30, cuando se utiliza la autenticación de formularios, permite a atacantes remotos evitar restricciones de seguridad aprovechándose de una llamada setUserPrincipal anterior para luego colocar /j_security_check al final de una URI. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://rhn.redhat.com/errata/RHSA-2013-0004.html http://rhn.redhat.com/errata/RHSA-2013-0005.html http://rhn.re • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 70%CPEs: 70EXPL: 1CVE-2012-4534 – Tomcat - Denial Of Service when using NIO+SSL+sendfile
https://notcve.org/view.php?id=CVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. org/apache/tomcat/util/net/NioEndpoint.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de V7.0.28, cuando el conector NIO se utiliza junto con sendfile y HTTPS permite a atacantes remotos provocar una denegación de servicio (bucle infinito) terminando la conexión durante la lectura de una respuesta. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://rhn.redhat.com/errata/RHSA-2013-0623.html http://secunia.com/advisories/57126 http://svn.apache.org/viewvc/ • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2012-5568
https://notcve.org/view.php?id=CVE-2012-5568
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. Apache Tomcat hasta v7.0.x permite a atacantes remotos provocar una denegación de servicio (parada del demonio) a través de peticiones HTTP parciales, tal y como quedó demostrado por Slowloris. • http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://openwall.com/lists/oss-security/2012/11/26/2 http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html •