tomcat6-6.0.24-48.AXS4
エラータID: AXSA:2013-27:01
リリース日:
2013/01/18 Friday - 12:37
題名:
tomcat6-6.0.24-48.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Apache Tomcat の org/apache/catalina/realm/RealmBase.java には、FORM 認証が使用される際、security-constraint のチェックを回避される脆弱性が存在します。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-3546
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
追加情報:
N/A
ダウンロード:
SRPMS
- tomcat6-6.0.24-48.AXS4.src.rpm
MD5: 614558641b431bfc8df407a8ada828e2
SHA-256: 1cf25d8fdb6a03c0b2dc85a61d57d71b3d93c1e7870998551672850c3dd770d4
Size: 3.35 MB
Asianux Server 4 for x86
- tomcat6-6.0.24-48.AXS4.noarch.rpm
MD5: 5ada6fa75bfd5946d82b444f0ba5c14e
SHA-256: 3c78d59110c056b9ea2703101ed5e84b38d8e49934d72ce115babe3d16c6871e
Size: 86.87 kB - tomcat6-el-2.1-api-6.0.24-48.AXS4.noarch.rpm
MD5: 07ff8545ca84a434a118c6fde0ee983a
SHA-256: fd4758f47a7fbf12dfb5d382be7e371308f6fd7fa2632c42a080517546b71369
Size: 42.85 kB - tomcat6-jsp-2.1-api-6.0.24-48.AXS4.noarch.rpm
MD5: 347bad2763c81ae636e52979419dd7f2
SHA-256: 5cd31e26c8e37643e3bdadb20b7351cc6766d0b1ede9124c9938dd11067715ae
Size: 79.73 kB - tomcat6-lib-6.0.24-48.AXS4.noarch.rpm
MD5: b302ec0272aa626c29e05f36a949dec3
SHA-256: aadcbce62ce4093f56e819139a9ff1e14c51694fd9bbcfc1b6d05c97dec88e08
Size: 2.82 MB - tomcat6-servlet-2.5-api-6.0.24-48.AXS4.noarch.rpm
MD5: 0088430e4ccaa54438ef8e3181e029a9
SHA-256: 9bf0e2133e939b1c02f83d8459ba354e85a70afb4f0416b53b98b577eb1b21b4
Size: 93.62 kB
Asianux Server 4 for x86_64
- tomcat6-6.0.24-48.AXS4.noarch.rpm
MD5: a6f4c6e486c52c00ac83215d73445787
SHA-256: b7c3c12618e87aafc3147bdde659e26806a5bd7e415026168f6f68975664b5c0
Size: 86.41 kB - tomcat6-el-2.1-api-6.0.24-48.AXS4.noarch.rpm
MD5: 1ae0bb99693d9e1cac87bb6894612bad
SHA-256: 7562ab25882be1f05bf404ef4734cbf8545d3f510579dea6b5f1d825589cad82
Size: 42.39 kB - tomcat6-jsp-2.1-api-6.0.24-48.AXS4.noarch.rpm
MD5: e5dba271d56fd37c860026322474ed7e
SHA-256: 315ca32fd031f948ce02da890d64d38b7af49b1b7d9d5ef4e82f856cc2d1a68a
Size: 79.29 kB - tomcat6-lib-6.0.24-48.AXS4.noarch.rpm
MD5: 0831f81d1ee9d1803bccc0967cc57f30
SHA-256: 7c9ad65a40494c0adc28bfdd96be75d20dd2538dcc94e34167c76a6a319cbdb8
Size: 2.82 MB - tomcat6-servlet-2.5-api-6.0.24-48.AXS4.noarch.rpm
MD5: 3251ac321ded9a78496a13778fbd3e31
SHA-256: 33e76a54196bf3964adf6f4dac089e4e6729fceba04303fed8f6d3eab238decf
Size: 93.17 kB