Apache Tomcat Multiple Critical Vulnerabilities



Author: Mohit Kumar on 12/05/2012 06:45:00 AM

Some critical vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service) attack. These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x.

Apache Tomcat vulnerabilities

CVE-2012-4534 Apache Tomcat denial of service
CVE-2012-3546 Apache Tomcat Bypass of security constraints
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

According to CVE-2012-4431, the CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.

CVE-2012-4534 is a denial-of-service (DoS) issue. DoS vulnerabilities range from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

CVE-2012-3546, by contrast, lets malicious users bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.

If you are affected, please update Tomcat to a fixed version, i.e.:

Tomcat 7.x: Update to version 7.0.32.
Tomcat 6.x: Update to version 6.0.36.
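
To triage a fleet against the fixed versions above, the following added example (not from the original article or the Tomcat project) classifies version banners. It assumes any 6.x or 7.x release below the listed fixed version needs the update and anything at or above it is fixed; the host names and banners are constructed sample data.

```python
import re

# Fixed releases named in the article, keyed by major version (6.x, 7.x).
FIXED = {6: (6, 0, 36), 7: (7, 0, 32)}

# Accepts "Apache Tomcat/7.0.30" anywhere in a banner, or a bare "6.0.35".
VERSION_RE = re.compile(r"(?:Tomcat/|^\s*)(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) as ints, or None if no version is present."""
    m = VERSION_RE.search(banner)
    return tuple(int(part) for part in m.groups()) if m else None


def triage(banner):
    """Classify one banner against the fixed versions listed in the article."""
    version = parse_version(banner)
    if version is None:
        return ("unknown", "no version in banner; check the host directly")
    fixed = FIXED.get(version[0])
    if fixed is None:
        return ("out-of-scope", "release line not covered by this article")
    target = ".".join(str(n) for n in fixed)
    # Compare as integer tuples: as strings, "6.0.4" would sort above "6.0.36".
    if version < fixed:
        return ("update", "upgrade to " + target + " or later")
    return ("ok", "at or above " + target)


def scan(inventory):
    """Map each host to its (status, note) pair."""
    return {host: triage(banner) for host, banner in inventory.items()}


# Constructed sample inventory: hostnames and banners are made up.
SAMPLE = {
    "app01": "Apache Tomcat/7.0.30",
    "app02": "Apache Tomcat/7.0.32",
    "app03": "Apache Tomcat/6.0.4",
    "app04": "Apache Tomcat/5.5.36",
    "app05": "Apache-Coyote/1.1",
}

if __name__ == "__main__":
    for host, (status, note) in scan(SAMPLE).items():
        print(f"{host:6} {status:13} {note}")
```

Hosts reported as "unknown" expose no version in the banner and have to be checked on the machine itself.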

About the Author:

Mohit Kumar, aka 'Unix Root', is Founder and Editor-in-chief of 'The Hacker News'. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. He is also an Internet Activist and a strong supporter of Anonymous & Wikileaks. All his efforts are to make the internet more secure.
