FreeBSD : tomcat -- bypass of security constraints (f599dfc4-3ec2-11e2-8ae1-001a8056d0b5)
Medium Nessus Plugin ID 63160
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The Apache Software Foundation reports:
When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending '/j_security_check' to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate().
Solution
Update the affected packages.