FortiClient VulnerabilityApache Tomcat CVE-2012-3546 Weak Authentication Vulnerability
Description
When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending /j_security_check to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().
Affected Applications
Apache Tomcat
CVE References
CVE-2012-3546Other References
http://tomcat.apache.org/security.html| ID | 43244 |
| Created | Jan 17, 2020 |
| Description Updated |
Dec 14, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Linux |
| Vendor | Apache |
| Patch | manual |
| Application | Apache Tomcat |