CVE-2012-3546 – Web: Bypass of security constraints
https://notcve.org/view.php?id=CVE-2012-3546
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. org/apache/catalina/campo/RealmBase.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de v7.0.30, cuando se utiliza la autenticación de formularios, permite a atacantes remotos evitar restricciones de seguridad aprovechándose de una llamada setUserPrincipal anterior para luego colocar /j_security_check al final de una URI. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://rhn.redhat.com/errata/RHSA-2013-0004.html http://rhn.redhat.com/errata/RHSA-2013-0005.html http://rhn.re • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4534 – Tomcat - Denial Of Service when using NIO+SSL+sendfile
https://notcve.org/view.php?id=CVE-2012-4534
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response. org/apache/tomcat/util/net/NioEndpoint.java en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de V7.0.28, cuando el conector NIO se utiliza junto con sendfile y HTTPS permite a atacantes remotos provocar una denegación de servicio (bucle infinito) terminando la conexión durante la lectura de una respuesta. • http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://rhn.redhat.com/errata/RHSA-2013-0623.html http://secunia.com/advisories/57126 http://svn.apache.org/viewvc/ • CWE-399: Resource Management Errors •
CVE-2012-5568
https://notcve.org/view.php?id=CVE-2012-5568
Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. Apache Tomcat hasta v7.0.x permite a atacantes remotos provocar una denegación de servicio (parada del demonio) a través de peticiones HTTP parciales, tal y como quedó demostrado por Slowloris. • http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://openwall.com/lists/oss-security/2012/11/26/2 http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html •
CVE-2012-5886 – tomcat: three DIGEST authentication implementation issues
https://notcve.org/view.php?id=CVE-2012-5886
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID. La implementación de HTTP Digest Access Authentication en Apache Tomcat v5.5.x antes de v5.5.36, 6.x antes 6.0.36, v7.x antes de v7.0.30 cachés información sobre el usuario autenticado en el estado de la sesión, lo que hace que sea más fácil para los atacantes remotos evitar la autenticación a través de vectores relacionados a la ID de sesión. • http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://rhn.redhat.com/errata/RHSA-2013-0623.html http://rhn.redhat.com/errata/RHSA-2013-0629.html http://rhn.redhat.com/errata/RHSA-2013-0631.html http://rhn.redhat.com/errata/RHSA-2013-0632.html http://rhn.redhat.com/errata/RHSA-2013-0633.html http://rhn.redhat.com/errata/ • CWE-287: Improper Authentication •
CVE-2012-5885 – tomcat: three DIGEST authentication implementation issues
https://notcve.org/view.php?id=CVE-2012-5885
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184. La funcionalidad replay-countermeasure en Apache Tomcat v5.5.x antes de v5.5.36, 6.x antes 6.0.36, v7.x antes de v7.0.30 registra valores cnonce (alias client nonce) en lugar de nonce (alias server nonce) y valores nc (alias nonce-count), lo que hace que sea más fácil para los atacantes remotos evitar las restricciones de acceso esnifando peticiones válidas a través del tráfico de red, una vulnerabilidad diferente a CVE-2011-1184. • http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://marc.info/?l=bugtraq&m=136485229118404&w=2 http://marc.info/?l=bugtraq&m=136612293908376&w=2 http://rhn.redhat.com/errata/RHSA-2013-0623.html http://rhn.redhat.com/errata/RHSA-2013-0629.html http://rhn.redhat.com/errata/RHSA-2013-0631.html http://rhn.redhat.com/erra • CWE-264: Permissions, Privileges, and Access Controls •