Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1685-1
HistoryJan 14, 2013 - 12:00 a.m.

Tomcat vulnerabilities

2013-01-1400:00:00
ubuntu.com
33

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.705 High

EPSS

Percentile

98.1%

JSON

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04
  • Ubuntu 11.10
  • Ubuntu 10.04

Packages

  • tomcat6 - Servlet and JSP engine
  • tomcat7 - Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly performed certain security
constraint checks in the FORM authenticator. A remote attacker could
possibly use this flaw with a specially-crafted URI to bypass security
constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10
and Ubuntu 12.04 LTS. (CVE-2012-3546)

It was discovered that Tomcat incorrectly handled requests that lack a
session identifier. A remote attacker could possibly use this flaw to
bypass the cross-site request forgery protection. (CVE-2012-4431)

It was discovered that Tomcat incorrectly handled sendfile and HTTPS when
the NIO connector is used. A remote attacker could use this flaw to cause
Tomcat to stop responsing, resulting in a denial of service. This issue
only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS.
(CVE-2012-4534)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchlibtomcat7-java<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchlibservlet3.0-java<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchlibservlet3.0-java-doc<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchtomcat7<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchtomcat7-admin<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchtomcat7-common<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchtomcat7-docs<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchtomcat7-examples<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.10noarchtomcat7-user<ย 7.0.30-0ubuntu1.1UNKNOWN
Ubuntu12.04noarchlibtomcat6-java<ย 6.0.35-1ubuntu3.2UNKNOWN
Rows per page:
1-10 of 381

Related

thn 2
openvas 25
securityvulns 6
nessus 47
fedora 1
tomcat 4
f5 1
prion 3
cve 3
checkpoint_advisories 1
debiancve 3
redhat 29
atlassian 6
debian 1
centos 2
osv 3
cvelist 3
nvd 3
ubuntucve 3
veracode 10
freebsd 3
github 2
seebug 2
vmware 2
oraclelinux 2
gentoo 1
ibm 2
thn
thn
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 06:45:00
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 17:45:00
openvas
openvas
Ubuntu: Security Advisory (USN-1685-1)
2013-01-15 00:00:00
Ubuntu Update for tomcat7 USN-1685-1
2013-01-15 00:00:00
Fedora Update for tomcat FEDORA-2012-20151
2012-12-26 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2012-12-07 00:00:00
CVE-2012-4534 Apache Tomcat denial of service
2012-12-07 00:00:00
CVE-2012-3546 Apache Tomcat Bypass of security constraints
2012-12-07 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : tomcat6, tomcat7 vulnerabilities (USN-1685-1)
2013-01-15 00:00:00
openSUSE Security Update : tomcat6 (openSUSE-SU-2013:0161-1)
2014-06-13 00:00:00
Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities
2012-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16
2012-12-19 08:29:53
tomcat
tomcat
Fixed in Apache Tomcat 6.0.36
2012-10-19 00:00:00
Fixed in Apache Tomcat 7.0.32
2012-10-09 00:00:00
Fixed in Apache Tomcat 7.0.28
2012-06-19 00:00:00
f5
f5
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00
prion
prion
Design/Logic Flaw
2012-12-19 11:55:00
Cross site request forgery (csrf)
2012-12-19 11:55:00
Authentication flaw
2012-12-19 11:55:00
cve
cve
CVE-2012-4534
2012-12-19 11:55:54
CVE-2012-4431
2012-12-19 11:55:54
CVE-2012-3546
2012-12-19 11:55:54
checkpoint_advisories
checkpoint_advisories
Apache Tomcat NIO Connector Denial of Service (CVE-2012-4534)
2013-01-14 00:00:00
debiancve
debiancve
CVE-2012-4534
2012-12-19 11:55:00
CVE-2012-4431
2012-12-19 11:55:00
CVE-2012-3546
2012-12-19 11:55:00
redhat
redhat
(RHSA-2013:0623) Important: tomcat6 security update
2013-03-11 00:00:00
(RHSA-2013:0268) Moderate: tomcat7 security update
2013-02-19 20:31:14
(RHSA-2013:0163) Important: jbossweb security update
2013-01-15 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
debian
debian
[SECURITY] [DSA 2725-1] tomcat6 security update
2013-07-18 17:58:50
centos
centos
tomcat6 security update
2013-03-12 05:31:44
tomcat5 security update
2013-03-12 19:14:34
osv
osv
tomcat6 - several
2013-07-18 00:00:00
Cross-Site Request Forgery in Apache Tomcat
2022-05-17 00:57:51
Authentication Bypass in Apache Tomcat
2022-05-17 00:59:04
cvelist
cvelist
CVE-2012-4431
2012-12-19 11:00:00
CVE-2012-4534
2012-12-19 11:00:00
CVE-2012-3546
2012-12-19 11:00:00
nvd
nvd
CVE-2012-4534
2012-12-19 11:55:54
CVE-2012-4431
2012-12-19 11:55:54
CVE-2012-3546
2012-12-19 11:55:54
ubuntucve
ubuntucve
CVE-2012-4534
2012-12-19 00:00:00
CVE-2012-4431
2012-12-19 00:00:00
CVE-2012-3546
2012-12-19 00:00:00
veracode
veracode
Authentication Bypass When FORM Authentication Is Used
2019-01-15 08:52:32
Cross-site Request Forgery (CSRF)
2019-01-15 08:56:33
Privilege Escalation
2019-05-02 04:46:47
freebsd
freebsd
tomcat -- bypass of CSRF prevention filter
2012-12-04 00:00:00
tomcat -- denial of service
2012-12-04 00:00:00
tomcat -- bypass of security constraints
2012-12-04 00:00:00
github
github
Cross-Site Request Forgery in Apache Tomcat
2022-05-17 00:57:51
Authentication Bypass in Apache Tomcat
2022-05-17 00:59:04
seebug
seebug
Apache Tomcat ่ทจ็ซ™่ฏทๆฑ‚ไผช้€ ๆผๆดž
2012-12-07 00:00:00
Apache Tomcat FORM่บซไปฝ้ชŒ่ฏๅฎ‰ๅ…จ็ป•่ฟ‡ๆผๆดž
2012-12-07 00:00:00
vmware
vmware
VMware security updates for vCenter Server
2013-04-25 00:00:00
VMware security updates for vCenter Server
2013-04-25 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2013-03-11 00:00:00
tomcat5 security update
2013-03-12 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
ibm
ibm
Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator
2021-10-06 14:56:49
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
2022-06-16 21:33:31

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.9 Medium

AI Score

Confidence

High

0.705 High

EPSS

Percentile

98.1%

JSON
Related for USN-1685-1
thn2openvas25securityvulns6nessus47fedora1tomcat4f51prion3cve3checkpoint_advisories1debiancve3redhat29atlassian6debian1centos2osv3cvelist3nvd3ubuntucve3veracode10freebsd3github2seebug2vmware2oraclelinux2gentoo1ibm2