
Apache Tomcat Multiple Critical Vulnerabilities
Several critical vulnerabilities have been reported in Apache Tomcat that attackers can exploit to bypass certain security restrictions and cause a denial of service (DoS). These vulnerabilities affect Apache Tomcat 6.x and Apache Tomcat 7.x.
Apache Tomcat vulnerabilities
CVE-2012-4534 Apache Tomcat denial of service
CVE-2012-3546 Apache Tomcat Bypass of security constraints
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
According to CVE-2012-4431, the CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.
CVE-2012-4534 is a denial-of-service (DoS) issue. This class includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
CVE-2012-3546, in turn, lets malicious users bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application.
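The CVE-2012-4431 description above is an instance of a fail-open check: validation that only runs when a session is found. The following added example (a simplified Python model written for this page, not Apache Tomcat source code; all function names and the session store are assumptions) puts that pattern beside a fail-closed version.

```python
# Simplified model of a nonce-based CSRF filter (constructed for illustration;
# not Apache Tomcat source code). Sessions live in a dict keyed by session ID.
import secrets

SESSIONS = {}  # session_id -> set of nonces issued to that session


def new_session():
    sid = secrets.token_hex(8)
    SESSIONS[sid] = set()
    return sid


def issue_nonce(sid):
    nonce = secrets.token_hex(16)
    SESSIONS[sid].add(nonce)
    return nonce


def filter_fail_open(request):
    """Flawed pattern: the nonce is checked only when a session can be found."""
    nonces = SESSIONS.get(request.get("session_id"))
    if nonces is not None and request.get("nonce") not in nonces:
        return 403
    return 200  # no session: the check never ran, so the request passes


def filter_fail_closed(request):
    """Hardened pattern: missing session, missing nonce or unknown nonce all fail."""
    nonces = SESSIONS.get(request.get("session_id"))
    nonce = request.get("nonce")
    if nonces is None or nonce is None or nonce not in nonces:
        return 403
    return 200


def demo():
    """Return {case: (fail_open_status, fail_closed_status)} for constructed requests."""
    sid = new_session()
    good = issue_nonce(sid)
    requests = {
        "valid": {"session_id": sid, "nonce": good},
        "wrong_nonce": {"session_id": sid, "nonce": "0" * 32},
        "no_session": {},  # constructed request carrying no session identifier
    }
    return {name: (filter_fail_open(r), filter_fail_closed(r))
            for name, r in requests.items()}


if __name__ == "__main__":
    for case, statuses in demo().items():
        print(case, statuses)
```

Both filters agree on the valid and wrong-nonce requests; they differ only on the request with no session, which is why this kind of gap is easy to miss in tests that always log in first.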
If you are affected, update Tomcat to a fixed version:
Tomcat 7.x: Update to version 7.0.32.
Tomcat 6.x: Update to version 6.0.36.
About Author:
Mohit Kumar, aka ‘Unix Root’, is Founder and Editor-in-chief of ‘The Hacker News’. He is a Security Researcher and Analyst, with experience in various aspects of Information Security. His editorials always get people thinking and participating in the new and exciting world of cyber security. Other than this, he is an Internet Activist and a strong supporter of Anonymous & Wikileaks. All his efforts are to make the Internet more secure.
Tags: Apache, Bypass of CSRF prevention filter, critical Vulnerabilities, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, denial of service, Security News, Tomcat, vulnerabilities, Vulnerability

