exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2012-4534

Status Candidate

Overview

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Related Files

Gentoo Linux Security Advisory 201412-29
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | 812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e
HP Security Bulletin HPSBMU02873 SSRT101182
Posted Apr 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02873 SSRT101182 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat environment has been updated to correct these issues. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
SHA-256 | 3a9a3d4a425cbd20923f80d24ed414a8a63ec3c97cce49d888efcf082ada17c7
HP Security Bulletin HPSBUX02866 SSRT101139
Posted Apr 16, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-6750, CVE-2012-2687, CVE-2012-2733, CVE-2012-3499, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-4557, CVE-2012-4558, CVE-2012-4929, CVE-2012-5885
SHA-256 | d6c34385da1a0269af4fc2c91e93b32c176acbb9b42ae7cafb46c63ea03bc087
Red Hat Security Advisory 2013-0623-01
Posted Mar 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0623-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | b7ea678c555beedbc297b1a1e6799654a1cb52d11728e7632582b7b2bee2b633
Red Hat Security Advisory 2013-0266-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0266-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 838e0b0453161e876d6ad39703ceea8e53d3dc5c7776541bd1681cd631c9061c
Red Hat Security Advisory 2013-0265-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0265-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 6511b80f8afd37774dceb238e867e6df16dccae6e5a11cbab1bec49a8584d7f2
Ubuntu Security Notice USN-1685-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1685-1 - It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. Various other issues were also addressed.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
SHA-256 | 79532f6936e805b7d5c26f245986b7203950b4251272d82f8429b94f4668b18e
Apache Tomcat 6.x / 7.x Denial Of Service
Posted Dec 5, 2012
Authored by Mark Thomas, Arun Neelicattu | Site tomcat.apache.org

When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service. Tomcat versions 6.0.0 through 6.0.35 and 7.0.0 through 7.0.27 are affected.

tags | advisory, web, denial of service
advisories | CVE-2012-4534
SHA-256 | 6afeb9d776681b81c074822aa40b6c5c5f366a02d179b63da64bea40dbcc6900
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close