mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-12-12 10:06:44 +00:00
283 lines
9.5 KiB
JSON
283 lines
9.5 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2012-3546",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
|
|
"refsource" : "BUGTRAQ",
|
|
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
|
|
},
|
|
{
|
|
"name" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892"
|
|
},
|
|
{
|
|
"name" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892"
|
|
},
|
|
{
|
|
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1377892",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1377892"
|
|
},
|
|
{
|
|
"name" : "http://tomcat.apache.org/security-6.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://tomcat.apache.org/security-6.html"
|
|
},
|
|
{
|
|
"name" : "http://tomcat.apache.org/security-7.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://tomcat.apache.org/security-7.html"
|
|
},
|
|
{
|
|
"name" : "HPSBMU02873",
|
|
"refsource" : "HP",
|
|
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
|
|
},
|
|
{
|
|
"name" : "SSRT101182",
|
|
"refsource" : "HP",
|
|
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
|
|
},
|
|
{
|
|
"name" : "HPSBST02955",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
|
|
},
|
|
{
|
|
"name" : "HPSBUX02866",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
|
|
},
|
|
{
|
|
"name" : "SSRT101139",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0146",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0147",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0151",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0157",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0158",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0164",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0191",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0192",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0193",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0194",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0195",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0196",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0197",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0198",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0221",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0162",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0163",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0235",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0004",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0623",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0640",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0641",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0642",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
|
|
},
|
|
{
|
|
"name" : "RHSA-2013:0005",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2012:1700",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2012:1701",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2013:0147",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
|
|
},
|
|
{
|
|
"name" : "USN-1685-1",
|
|
"refsource" : "UBUNTU",
|
|
"url" : "http://www.ubuntu.com/usn/USN-1685-1"
|
|
},
|
|
{
|
|
"name" : "56812",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/56812"
|
|
},
|
|
{
|
|
"name" : "oval:org.mitre.oval:def:19305",
|
|
"refsource" : "OVAL",
|
|
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
|
|
},
|
|
{
|
|
"name" : "1027833",
|
|
"refsource" : "SECTRACK",
|
|
"url" : "http://www.securitytracker.com/id?1027833"
|
|
},
|
|
{
|
|
"name" : "51984",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/51984"
|
|
},
|
|
{
|
|
"name" : "52054",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/52054"
|
|
},
|
|
{
|
|
"name" : "57126",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/57126"
|
|
}
|
|
]
|
|
}
|
|
}
|