exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2012-4431

Status Candidate

Overview

org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.

Related Files

Gentoo Linux Security Advisory 201412-29
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | 812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e
Red Hat Security Advisory 2013-1853-01
Posted Dec 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1853-01 - Red Hat JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss Operations Network 3.2.0 release serves as a replacement for JBoss Operations Network 3.1.2, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5783, CVE-2013-2172
SHA-256 | dbd543071b01d4b700875aa71439e1cdfedf225ca4e629df2fd1c6fbeee18f9d
Red Hat Security Advisory 2013-1437-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1437-01 - This Red Hat JBoss Portal 6.1.0 release serves as a replacement for 6.0.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-4529, CVE-2012-4572, CVE-2012-5575, CVE-2013-1921, CVE-2013-2067, CVE-2013-2102, CVE-2013-2160, CVE-2013-2172, CVE-2013-4112, CVE-2013-4128, CVE-2013-4213
SHA-256 | c561772e782ab85b102432049507a7b5cc958b68879cf92daa7410179afdf208
HP Security Bulletin HPSBMU02873 SSRT101182
Posted Apr 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02873 SSRT101182 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat environment has been updated to correct these issues. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
SHA-256 | 3a9a3d4a425cbd20923f80d24ed414a8a63ec3c97cce49d888efcf082ada17c7
HP Security Bulletin HPSBUX02866 SSRT101139
Posted Apr 16, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-6750, CVE-2012-2687, CVE-2012-2733, CVE-2012-3499, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-4557, CVE-2012-4558, CVE-2012-4929, CVE-2012-5885
SHA-256 | d6c34385da1a0269af4fc2c91e93b32c176acbb9b42ae7cafb46c63ea03bc087
Red Hat Security Advisory 2013-0665-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0665-01 - JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of JBoss Data Grid 6.1.0 serves as a replacement for JBoss Data Grid 6.0.1. It includes various bug fixes and enhancements which are detailed in the JBoss Data Grid 6.1.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5629, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 86e2f99d5f2e98f7fd162cf083ac17e2a1498532e28600b423b7c876fb02fd90
Red Hat Security Advisory 2013-0647-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0647-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.

tags | advisory, java, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | cae7f2723e72a831376fbdd1d9a7180b3d68ef9063766a4141634d2342c6f76a
Red Hat Security Advisory 2013-0648-01
Posted Mar 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0648-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter in JBoss Web. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Multiple weaknesses were found in the JBoss Web DIGEST authentication implementation, effectively reducing the security normally provided by DIGEST authentication. A remote attacker could use these flaws to perform replay attacks in some circumstances.

tags | advisory, java, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 622d29c2160f22699e5b7c9c65fa1deed1df2ed503b5aef7ffd26ac8ce417669
Red Hat Security Advisory 2013-0268-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0268-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation .

tags | advisory, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431
SHA-256 | 94eee7960c392c24e87d8653bcee0f0ecd29a942c28785158881dbcf707cc305
Red Hat Security Advisory 2013-0267-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0267-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. Warning: Before applying the update, back up your existing JBoss Enterprise Web Server installation .

tags | advisory, remote, web, csrf
systems | linux, redhat
advisories | CVE-2012-4431
SHA-256 | ada87f1cd23add09ede83792a895ace408134083633cc2e27cd811e66fc79145
Red Hat Security Advisory 2013-0266-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0266-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 838e0b0453161e876d6ad39703ceea8e53d3dc5c7776541bd1681cd631c9061c
Red Hat Security Advisory 2013-0265-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0265-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 6511b80f8afd37774dceb238e867e6df16dccae6e5a11cbab1bec49a8584d7f2
Ubuntu Security Notice USN-1685-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1685-1 - It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. Various other issues were also addressed.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
SHA-256 | 79532f6936e805b7d5c26f245986b7203950b4251272d82f8429b94f4668b18e
Apache Tomcat CSRF Prevention Filter Bypass
Posted Dec 5, 2012
Authored by Mark Thomas | Site tomcat.apache.org

The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.31 are affected.

tags | advisory
advisories | CVE-2012-4431
SHA-256 | 74e285db6d16f94ed3552ccea4024d4d096965cbcd236bc2ba5d83beab7e0fda
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close