Skip to main content

Apache Tomcat Security Advisories

By Anonymous
The Apache Tomcat team has announced 3 new security advisories for Apache Tomcat versions 6 and 7.  All three of these advisories are classified as important, meaning that users should upgrade to an appropriate version of Tomcat. The advisories are:
  • CVE-2012-4534 Apache Tomcat denial of service
  • CVE-2012-3546 Apache Tomcat Bypass of security constraints
  • CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter

CVE-2012-4534 Apache Tomcat denial of service
"When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service."

Users are advised to upgrade to Tomcat version 7.0.28 or later (or 6.0.36 or later for Tomcat 6 users).

CVE-2012-3546 Apache Tomcat Bypass of security constraints
"When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate()."

Users are advised to upgrade to Tomcat version 7.0.30 or later (or 6.0.36 or later for Tomcat 6 users).

CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
"The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request."

Users are advised to upgrade to Tomcat version 7.0.32 or later (or 6.0.36 or later for Tomcat 6 users).
Labels:

Comments

Post a Comment

Popular posts from this blog

Creating a Joke Application in React

By
Introduction I've recently started learning React. I've been a backend developer for a long time, but have started to love doing client side work. As they say, the best way to learn is to practise. So here is a simple joke application that I've written in React. The source code for the application can be found on GitHub at: https://github.com/doobrie/react-joke Creating the project Whilst practising, I've quite often created projects from scratch, but this is quite tedious as the same steps need to be taken for each project. I needed to create the project structure, configure Babel, write some control scripts etc. Instead of doing that this time, I've used the create-react-app tool to scaffold the basics of an application. npx create-react-app This sets up everything that you need to get started with a React app. Coding As this is a simple project, I've created one react component, function app() . I've created this as a functional c...
Post a Comment
Read more

Changing Default Search Provider in Firefox on Linux Mint

By
On Linux Mint, the default version of Firefox is installed and configured to allow the following search engines to be queried directly from the address bar: Yahoo! Startpage DuckDuckGo Wikipedia Mint defines these as the default available set of search engines based upon 3 criteria (funding to Linux Mint, privacy support and whether the search engine is non-commercial). Other search engines such as Google, Bing or Twitter, etc. can easily be added into the default version of Firefox however. To add a different search provider, browse to Search Engines At the bottom of the page, click on the icon of the requested search engine, then click on the ... button in the URL bar and select the Add Search Engine option. You then have the option to change the default search engine within Firefox preferences to your new choice.
Post a Comment
Read more

The new Eclipse logo

By Anonymous
In a blog post today, Ian Skerrett has announced the new logo for Eclipse. Last fall we [The Eclipse Foundation] started a process to  update the Eclipse logo . The existing logo had not been change since Eclipse was launched and it was showing its age. I am happy to announce we have finished the process and am pleased to introduce the updated Eclipse logo. The new logo has a fresh modern look to it, which I think is a good improvement and will stand Eclipse in good stead for the future. The new logo will be included with the next Eclipse release train, Luna, and gradually rolled out across the Eclipse site and projects. What do you think?  Do you like the new logo?  Add your comments below.
Post a Comment
Read more