Oval Definition:oval:org.mitre.oval:def:19305
Revision Date:2015-04-20Version:30
Title:HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
Description:org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2012-3546
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02866
  • platforms
  • HP-UX B.11.23
  • OR HP-UX B.11.31
  • AND filesets tests
  • hpuxws22APCH32.APACHE version is less than B.2.2.15.15
  • OR hpuxws22APCH32.APACHE2 version is less than B.2.2.15.15
  • OR hpuxws22APCH32.AUTH_LDAP version is less than B.2.2.15.15
  • OR hpuxws22APCH32.AUTH_LDAP2 version is less than B.2.2.15.15
  • OR hpuxws22APCH32.MOD_JK version is less than B.2.2.15.15
  • OR hpuxws22APCH32.MOD_JK2 version is less than B.2.2.15.15
  • OR hpuxws22APCH32.MOD_PERL version is less than B.2.2.15.15
  • OR hpuxws22APCH32.MOD_PERL2 version is less than B.2.2.15.15
  • OR hpuxws22APCH32.PHP version is less than B.2.2.15.15
  • OR hpuxws22APCH32.PHP2 version is less than B.2.2.15.15
  • OR hpuxws22APCH32.WEBPROXY version is less than B.2.2.15.15
  • OR hpuxws22APCH32.WEBPROXY2 version is less than B.2.2.15.15
  • OR Criteria meets HP Security Bulletin HPSBUX02866
  • HP-UX B.11.31
  • OR hpuxws22TOMCAT.TOMCAT version is less than C.6.0.36.01
  • OR hpuxws22TOMCAT.TOMCAT version is less than D.7.0.35.01
    • BACK