CVE-2012-3546 in Tomcat

Summary

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.

Reservation: 06/14/2012

Disclosure: 12/19/2012

Entries: VDB-7074 (1)

CPE: ready

CVSS: 6.5

EPSS: 0.02230

Activities: Very Low
