diff options
| author | rea <rea@FreeBSD.org> | 2012-12-30 03:53:46 +0800 |
|---|---|---|
| committer | rea <rea@FreeBSD.org> | 2012-12-30 03:53:46 +0800 |
| commit | 51eadb636743a555db2e922dc5275a0ff97f01b9 (patch) | |
| tree | 3f4589cf5001cfde02a0198871df394529028800 /security/vuxml | |
| parent | de1fe3791967091b0224b5a9168426c96578b2c9 (diff) | |
| download | freebsd-ports-gnome-51eadb636743a555db2e922dc5275a0ff97f01b9.tar.gz freebsd-ports-gnome-51eadb636743a555db2e922dc5275a0ff97f01b9.tar.zst freebsd-ports-gnome-51eadb636743a555db2e922dc5275a0ff97f01b9.zip | |
VuXML entries for Tomcat: split into three distinct ones
They affect different Tomcat versions from 7.x branch, so don't let
users of VuXML be fooled on the affected software for each vulnerability.
Feature safe: yes
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 88 |
1 files changed, 73 insertions, 15 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1f63b1be3a35..354289d07138 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -192,8 +192,8 @@ Note: Please add new entries to the beginning of this file. </dates> </vuln> - <vuln vid="f599dfc4-3ec2-11e2-8ae1-001a8056d0b5"> - <topic>tomcat -- multiple vulnerabilities</topic> + <vuln vid="953911fe-51ef-11e2-8e34-0022156e8794"> + <topic>tomcat -- bypass of CSRF prevention filter</topic> <affects> <package> <name>tomcat6</name> @@ -206,26 +206,48 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The Apache Software Foundation reports:</p> - <blockquote cite="http://tomcat.apache.org/security.html"> - <p>When using the NIO connector with sendfile and HTTPS enabled, if a - client breaks the connection while reading the response an infinite loop - is entered leading to a denial of service.</p> - <p>When using FORM authentication it was possible to bypass the security - constraint checks in the FORM authenticator by appending - "/j_security_check" to the end of the URL if some other component - (such as the Single-Sign-On valve) had called request.setUserPrincipal() - before the call to FormAuthenticator#authenticate().</p> + <p>The Apache Software Foundation reports:</p> + <blockquote cite="http://tomcat.apache.org/security-7.html"> <p>The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request.</p> - </blockquote> + </blockquote> </body> </description> <references> - <cvename>CVE-2012-3546</cvename> <cvename>CVE-2012-4431</cvename> + <url>http://tomcat.apache.org/security-6.html</url> + <url>http://tomcat.apache.org/security-7.html</url> + </references> + <dates> + <discovery>2012-12-04</discovery> + <entry>2012-12-04</entry> + </dates> + </vuln> + + <vuln vid="134acaa2-51ef-11e2-8e34-0022156e8794"> + <topic>tomcat -- denial of service</topic> + <affects> + <package> + <name>tomcat6</name> + <range><ge>6.0.0</ge><le>6.0.35</le></range> + </package> + <package> + <name>tomcat7</name> + <range><ge>7.0.0</ge><le>7.0.27</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Apache Software Foundation reports:</p> + <blockquote cite="http://tomcat.apache.org/security-7.html"> + <p>When using the NIO connector with sendfile and HTTPS enabled, if a + client breaks the connection while reading the response an infinite loop + is entered leading to a denial of service.</p> + </blockquote> + </body> + </description> + <references> <cvename>CVE-2012-4534</cvename> - <url>http://tomcat.apache.org/security.html</url> <url>http://tomcat.apache.org/security-6.html</url> <url>http://tomcat.apache.org/security-7.html</url> </references> @@ -235,6 +257,42 @@ Note: Please add new entries to the beginning of this file. </dates> </vuln> + <vuln vid="f599dfc4-3ec2-11e2-8ae1-001a8056d0b5"> + <topic>tomcat -- bypass of security constraints</topic> + <affects> + <package> + <name>tomcat6</name> + <range><ge>6.0.0</ge><le>6.0.35</le></range> + </package> + <package> + <name>tomcat7</name> + <range><ge>7.0.0</ge><le>7.0.29</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Apache Software Foundation reports:</p> + <blockquote cite="http://tomcat.apache.org/security-7.html"> + <p>When using FORM authentication it was possible to bypass the security + constraint checks in the FORM authenticator by appending + "/j_security_check" to the end of the URL if some other component + (such as the Single-Sign-On valve) had called request.setUserPrincipal() + before the call to FormAuthenticator#authenticate().</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-3546</cvename> + <url>http://tomcat.apache.org/security-6.html</url> + <url>http://tomcat.apache.org/security-7.html</url> + </references> + <dates> + <discovery>2012-12-04</discovery> + <entry>2012-12-04</entry> + <modified>2012-12-29</modified> + </dates> + </vuln> + <vuln vid="2892a8e2-3d68-11e2-8e01-0800273fe665"> <topic>dns/bind9* -- servers using DNS64 can be crashed by a crafted query</topic> <affects> |