mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
282 lines
10 KiB
JSON
282 lines
10 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secalert@redhat.com",
|
|
"ID": "CVE-2012-3546",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "SSRT101139",
|
|
"refsource": "HP",
|
|
"url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
|
|
},
|
|
{
|
|
"name": "1027833",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id?1027833"
|
|
},
|
|
{
|
|
"name": "USN-1685-1",
|
|
"refsource": "UBUNTU",
|
|
"url": "http://www.ubuntu.com/usn/USN-1685-1"
|
|
},
|
|
{
|
|
"name": "56812",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/56812"
|
|
},
|
|
{
|
|
"name": "openSUSE-SU-2012:1700",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
|
|
},
|
|
{
|
|
"name": "http://svn.apache.org/viewvc?view=revision&revision=1377892",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://svn.apache.org/viewvc?view=revision&revision=1377892"
|
|
},
|
|
{
|
|
"name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/RealmBase.java?r1=1377892&r2=1377891&pathrev=1377892"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0640",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
|
|
},
|
|
{
|
|
"name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1377892&r2=1377891&pathrev=1377892"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0163",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0163.html"
|
|
},
|
|
{
|
|
"name": "SSRT101182",
|
|
"refsource": "HP",
|
|
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0164",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0164.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0192",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0198",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0641",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0641.html"
|
|
},
|
|
{
|
|
"name": "20121204 CVE-2012-3546 Apache Tomcat Bypass of security constraints",
|
|
"refsource": "BUGTRAQ",
|
|
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0044.html"
|
|
},
|
|
{
|
|
"name": "http://tomcat.apache.org/security-7.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://tomcat.apache.org/security-7.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0004",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0004.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0195",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0221",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0196",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0147",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0147.html"
|
|
},
|
|
{
|
|
"name": "oval:org.mitre.oval:def:19305",
|
|
"refsource": "OVAL",
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19305"
|
|
},
|
|
{
|
|
"name": "HPSBMU02873",
|
|
"refsource": "HP",
|
|
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0158",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0158.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0193",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0157",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0157.html"
|
|
},
|
|
{
|
|
"name": "51984",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/51984"
|
|
},
|
|
{
|
|
"name": "http://tomcat.apache.org/security-6.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://tomcat.apache.org/security-6.html"
|
|
},
|
|
{
|
|
"name": "52054",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/52054"
|
|
},
|
|
{
|
|
"name": "57126",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/57126"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0146",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0146.html"
|
|
},
|
|
{
|
|
"name": "openSUSE-SU-2013:0147",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0191",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0623",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0197",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0235",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0235.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0642",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0642.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0194",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
|
|
},
|
|
{
|
|
"name": "HPSBUX02866",
|
|
"refsource": "HP",
|
|
"url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0005",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0005.html"
|
|
},
|
|
{
|
|
"name": "HPSBST02955",
|
|
"refsource": "HP",
|
|
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
|
|
},
|
|
{
|
|
"name": "openSUSE-SU-2012:1701",
|
|
"refsource": "SUSE",
|
|
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0162",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0162.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2013:0151",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2013-0151.html"
|
|
}
|
|
]
|
|
}
|
|
} |