Oval Definition:	oval:com.ubuntu.precise:def:20123546000
Revision Date: 2012-12-19 Version: 1 Title: CVE-2012-3546 on Ubuntu 12.04 LTS (precise) - medium. Description: org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. Family: unix Class: vulnerability Status: Reference(s): CVE-2012-3546 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'tomcat6' package in precise was vulnerable but has been fixed (note: '6.0.35-1ubuntu3.2'). OR The 'tomcat7' package in precise was vulnerable but has been fixed (note: '7.0.26-1ubuntu1.2').
BACK