Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Bypass of CSRF prevention filter. Show all posts
Vulnerability
Bypass of CSRF prevention filter Bypass of Security constraints Denial of Service vulnerability IT Security News Tomcat Vulnerability Vulnerability

Three critical vulnerabilities identified in Apache Tomcat 7 and 6


The Tomcat security team has identified three critical vulnerabilities in the Apache Tomcat , an open source web server and servlet container . The vulnerabilities affect 7 and 6 versions .

CVE-2012-4534: Denial of Service(DOS) vulnerability
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while reading the response an infinite loop
is entered leading to a denial of service. Tomcat 7.0.0 to 7.0.27 and Tomcat 6.0.0 to 6.0.35 are affected .

CVE-2012-3546 : Apache Tomcat Bypass of security constraints
When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate(). Tomcat 7.0.0 to 7.0.29 and Tomcat 6.0.0 to 6.0.35 are affected .

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
The CSRF prevention filter could be bypassed if a request was made to a
protected resource without a session identifier present in the request. Tomcat 7.0.0 to 7.0.31 and Tomcat 6.0.0 to 6.0.35 are affected .

Users of affected versions are advised to upgrade their Tomcat with the latest versions.
Read more »
Subscribe to: Posts (Atom)